<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Red Hat Enterprise Linux 6 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/red-hat-enterprise-linux-6/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 06 Jul 2026 15:25:56 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/red-hat-enterprise-linux-6/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-58380: GIMP PNM Parser Off-by-One Error Leads to RCE</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-58380-gimp-pnm-parser-vulnerability/</link><pubDate>Mon, 06 Jul 2026 15:25:56 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-58380-gimp-pnm-parser-vulnerability/</guid><description>A high-severity off-by-one error, CVE-2026-58380, in GIMP's PNM file format parser (specifically the `pnmscanner_gettoken()` function) allows an attacker to corrupt memory by crafting a malicious PNM file, potentially leading to denial of service or arbitrary code execution when the file is opened.</description><content:encoded><![CDATA[<p>CVE-2026-58380 details a critical vulnerability discovered in GIMP's PNM (Portable Anymap) image file format parser. The flaw resides within the <code>pnmscanner_gettoken()</code> function, where an off-by-one error during a loop boundary check causes a null terminator to be written one byte beyond the intended boundary of a stack-allocated buffer. This memory corruption is triggered when GIMP attempts to parse a specially crafted PNM file. While not yet observed in active exploitation, successful exploitation could lead to application instability and denial of service due to crashes, or, more severely, arbitrary code execution, granting an attacker control over the compromised system. This vulnerability affects various GIMP versions, including those shipped with Red Hat Enterprise Linux distributions.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious PNM image file specifically designed to exploit the off-by-one error in GIMP's <code>pnmscanner_gettoken()</code> function.</li>
<li>The malicious PNM file is delivered to a victim through common vectors such as email attachments, malicious websites, or untrusted file shares.</li>
<li>The victim opens the specially crafted PNM file using the vulnerable GIMP application.</li>
<li>During the file parsing process, the <code>pnmscanner_gettoken()</code> function attempts to process the malicious input.</li>
<li>The off-by-one error causes a null byte to be written past the end of a stack buffer, corrupting adjacent memory.</li>
<li>This memory corruption disrupts program execution flow, leading to either an immediate application crash (denial of service) or, under controlled conditions, enables arbitrary code execution on the victim's system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The vulnerability, CVE-2026-58380, carries a CVSS v3.1 Base Score of 7.3 (High), indicating significant potential impact. If successfully exploited, systems running vulnerable versions of GIMP could suffer from denial of service, where the application crashes, leading to loss of productivity. More critically, an attacker could achieve arbitrary code execution, allowing them to install malware, exfiltrate data, or gain full control over the compromised system. While there are no reports of in-the-wild exploitation, the widespread use of GIMP, particularly on Linux distributions like Red Hat Enterprise Linux, makes this a high-risk vulnerability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply available patches for CVE-2026-58380 immediately to all GIMP installations, particularly on Red Hat Enterprise Linux systems, by referring to the official Red Hat security advisory at <code>https://access.redhat.com/security/cve/CVE-2026-58380</code>.</li>
<li>Monitor Red Hat security channels for updates to affected products as detailed in the Red Hat advisory and apply them promptly.</li>
<li>Implement user awareness training regarding the risks associated with opening untrusted image files, especially those in less common formats like PNM.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">threat</category><category>vulnerability</category><category>memory-corruption</category><category>buffer-overflow</category><category>GIMP</category><category>linux</category></item></channel></rss>