Skip to main content

GIMP CVE-2026-58381

| EUVDEUVD-2026-41434 MEDIUM
Double Free (CWE-415)
2026-07-02 redhat GHSA-pfjw-r4vx-pmfw
6.1
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
vuln.today AI
6.1 MEDIUM

File parsed locally by the running user account (AV:L/PR:L), mandatory victim interaction to open the crafted file (UI:R), reliable crash (A:H) with limited heap corruption impact (C:L/I:L) and no scope change.

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 20:40 vuln.today

DescriptionCVE.org

A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.

AnalysisAI

Double-free memory corruption in GIMP's PSP file format parser exposes local users to denial of service and potential arbitrary code execution when opening a specially crafted Paint Shop Pro image file. The flaw in read_layer_block() allows heap memory corruption that reliably crashes GIMP and, in a more sophisticated exploitation scenario, could enable arbitrary code execution with the privileges of the victim user. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious PSP file with adversarial layer block
Delivery
Deliver file to victim via email or download
Exploit
Victim opens file in GIMP
Execution
read_layer_block() triggers double-free
Persist
Heap allocator metadata corrupted
Impact
GIMP crash (DoS) or controlled code execution as victim user

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim user to actively open a specially crafted PSP (Paint Shop Pro) format file in GIMP - user interaction (UI:R) is a hard prerequisite, and exploitation cannot occur without this step. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.1 Medium score with AV:L/AC:L/PR:L/UI:R/S:U reflects a meaningful but constrained attack surface: exploitation requires the victim to manually open a malicious PSP file in GIMP on a local system, precluding automated or unauthenticated network exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious PSP image file containing a specially structured layer block that triggers the double-free in read_layer_block() and delivers it to a target user via email, a web download, or a shared file repository. When the victim opens the file in GIMP on their RHEL workstation, heap memory is corrupted, at minimum crashing GIMP reliably. …
Remediation An upstream fix is available via GitLab commit b22e147b (https://gitlab.gnome.org/GNOME/gimp/-/commit/b22e147b); however, a tagged GIMP release incorporating this commit has not been independently confirmed from the available data, so this should be treated as an upstream fix pending a formal release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

CVE-2026-42013 HIGH
8.2 May 26

Here is the multi-source synthesis as a single JSON object: ```json { "product_name": "GnuTLS", "summary": "Certifi

CVE-2026-14476 HIGH
8.0 Jul 07

Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Re

CVE-2026-58384 HIGH
7.8 Jul 07

Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in rea

CVE-2026-58380 HIGH
7.8 Jul 06

Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a v

Share

CVE-2026-58381 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy