GIMP PNM Parser Off-By-One Buffer Overrun
CVE-2026-58380 Published on July 6, 2026
Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
Vulnerability Analysis
CVE-2026-58380 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an off-by-five Vulnerability?
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
CVE-2026-58380 has been classified to as an off-by-five vulnerability or weakness.
Products Associated with CVE-2026-58380
Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.