{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/red-hat-enterprise-linux-9-gimp-package/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-58379"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["GIMP","Red Hat Enterprise Linux 9 (gimp package)"],"_cs_severities":["high"],"_cs_tags":["heap-buffer-overflow","vulnerability","image-processing","gimp"],"_cs_type":"advisory","_cs_vendors":["GNOME","Red Hat"],"content_html":"\u003cp\u003eA critical heap buffer overflow vulnerability, identified as CVE-2026-58379, has been discovered in GIMP's Paint Shop Pro (PSP) file format parser. This flaw allows a remote attacker to achieve arbitrary code execution or a denial of service (DoS) on affected systems. The vulnerability is triggered when a user is tricked into opening a specially crafted PSP image file. The core issue lies in the software's incorrect calculation of buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory. This affects the GIMP application, particularly the \u003ccode\u003egimp\u003c/code\u003e package on Red Hat Enterprise Linux 9, as confirmed by Red Hat. Defenders should prioritize patching GIMP to mitigate the risk of successful exploitation, which could lead to complete system compromise or disruption.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Paint Shop Pro (PSP) image file specifically designed to exploit CVE-2026-58379, incorporating malformed low bit-depth image data.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the specially crafted PSP file to a target user, often via social engineering tactics such as email attachments or malicious download links.\u003c/li\u003e\n\u003cli\u003eThe unsuspecting user is tricked into opening the malicious PSP image file using the GIMP application on their system.\u003c/li\u003e\n\u003cli\u003eGIMP's internal PSP file format parser attempts to process the malformed image data within the file.\u003c/li\u003e\n\u003cli\u003eDuring the parsing of low bit-depth image data, GIMP incorrectly calculates buffer sizes for memory allocation, leading to a heap buffer overflow condition.\u003c/li\u003e\n\u003cli\u003eThis overflow allows attacker-controlled data to overwrite adjacent memory regions within the GIMP process.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation of the memory corruption leads to either arbitrary code execution within the context of the GIMP process or a denial of service, crashing the application.\u003c/li\u003e\n\u003cli\u003eWith arbitrary code execution, the attacker can establish persistence, exfiltrate data, or further compromise the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-58379 can lead to significant consequences, ranging from a denial of service (DoS) that crashes the GIMP application, disrupting user workflow, to arbitrary code execution. Arbitrary code execution would allow an attacker to run malicious code within the context of the affected user, potentially leading to full system compromise, data exfiltration, or the installation of additional malware. While specific victim counts or targeted sectors are not detailed, any user of the vulnerable GIMP version, particularly on Red Hat Enterprise Linux 9, is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update GIMP to a patched version that addresses CVE-2026-58379. Consult Red Hat advisories (e.g., \u003ca href=\"https://access.redhat.com/security/cve/CVE-2026-58379\"\u003ehttps://access.redhat.com/security/cve/CVE-2026-58379\u003c/a\u003e) for specific package updates for Red Hat Enterprise Linux 9.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening unsolicited or suspicious image files, especially those from untrusted sources, to mitigate the initial access vector associated with opening specially crafted PSP files.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T19:18:57Z","date_published":"2026-07-03T19:18:57Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-58379-gimp-heap-overflow/","summary":"A heap buffer overflow vulnerability (CVE-2026-58379) in GIMP's Paint Shop Pro (PSP) file format parser allows a remote attacker to achieve arbitrary code execution or cause a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file, exploiting incorrect buffer size calculations when processing low bit-depth images.","title":"CVE-2026-58379: GIMP Heap Buffer Overflow in PSP Parser Allows RCE","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-58379-gimp-heap-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Red Hat Enterprise Linux 9 (Gimp Package)","version":"https://jsonfeed.org/version/1.1"}