<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Red Hat Enterprise Linux 9 (Gimp Package) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/red-hat-enterprise-linux-9-gimp-package/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 19:18:57 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/red-hat-enterprise-linux-9-gimp-package/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-58379: GIMP Heap Buffer Overflow in PSP Parser Allows RCE</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-58379-gimp-heap-overflow/</link><pubDate>Fri, 03 Jul 2026 19:18:57 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-58379-gimp-heap-overflow/</guid><description>A heap buffer overflow vulnerability (CVE-2026-58379) in GIMP's Paint Shop Pro (PSP) file format parser allows a remote attacker to achieve arbitrary code execution or cause a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file, exploiting incorrect buffer size calculations when processing low bit-depth images.</description><content:encoded><![CDATA[<p>A critical heap buffer overflow vulnerability, identified as CVE-2026-58379, has been discovered in GIMP's Paint Shop Pro (PSP) file format parser. This flaw allows a remote attacker to achieve arbitrary code execution or a denial of service (DoS) on affected systems. The vulnerability is triggered when a user is tricked into opening a specially crafted PSP image file. The core issue lies in the software's incorrect calculation of buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory. This affects the GIMP application, particularly the <code>gimp</code> package on Red Hat Enterprise Linux 9, as confirmed by Red Hat. Defenders should prioritize patching GIMP to mitigate the risk of successful exploitation, which could lead to complete system compromise or disruption.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious Paint Shop Pro (PSP) image file specifically designed to exploit CVE-2026-58379, incorporating malformed low bit-depth image data.</li>
<li>The attacker delivers the specially crafted PSP file to a target user, often via social engineering tactics such as email attachments or malicious download links.</li>
<li>The unsuspecting user is tricked into opening the malicious PSP image file using the GIMP application on their system.</li>
<li>GIMP's internal PSP file format parser attempts to process the malformed image data within the file.</li>
<li>During the parsing of low bit-depth image data, GIMP incorrectly calculates buffer sizes for memory allocation, leading to a heap buffer overflow condition.</li>
<li>This overflow allows attacker-controlled data to overwrite adjacent memory regions within the GIMP process.</li>
<li>Successful exploitation of the memory corruption leads to either arbitrary code execution within the context of the GIMP process or a denial of service, crashing the application.</li>
<li>With arbitrary code execution, the attacker can establish persistence, exfiltrate data, or further compromise the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-58379 can lead to significant consequences, ranging from a denial of service (DoS) that crashes the GIMP application, disrupting user workflow, to arbitrary code execution. Arbitrary code execution would allow an attacker to run malicious code within the context of the affected user, potentially leading to full system compromise, data exfiltration, or the installation of additional malware. While specific victim counts or targeted sectors are not detailed, any user of the vulnerable GIMP version, particularly on Red Hat Enterprise Linux 9, is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update GIMP to a patched version that addresses CVE-2026-58379. Consult Red Hat advisories (e.g., <a href="https://access.redhat.com/security/cve/CVE-2026-58379">https://access.redhat.com/security/cve/CVE-2026-58379</a>) for specific package updates for Red Hat Enterprise Linux 9.</li>
<li>Educate users about the risks of opening unsolicited or suspicious image files, especially those from untrusted sources, to mitigate the initial access vector associated with opening specially crafted PSP files.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>heap-buffer-overflow</category><category>vulnerability</category><category>image-processing</category><category>gimp</category></item></channel></rss>