Skip to content
Threat Feed

Vendor

GNOME

4 briefs RSS
high advisory

CVE-2026-58384: GIMP PSD Parser Integer Overflow Leads to RCE/DoS

An integer overflow vulnerability (CVE-2026-58384) exists in GIMP's PSD parser within the `read_RLE_channel()` function, leading to undersized heap allocations that can cause subsequent heap memory corruption, potentially resulting in denial of service or arbitrary code execution.

GIMP +1 vulnerability rce dos linux heap-overflow
2t 1c
high threat

CVE-2026-58380: GIMP PNM Parser Off-by-One Error Leads to RCE

A high-severity off-by-one error, CVE-2026-58380, in GIMP's PNM file format parser (specifically the `pnmscanner_gettoken()` function) allows an attacker to corrupt memory by crafting a malicious PNM file, potentially leading to denial of service or arbitrary code execution when the file is opened.

exploited GIMP +4 vulnerability memory-corruption buffer-overflow linux
1c
low advisory

Potential Proxy Execution via Systemd-run on Linux

This brief details how attackers may leverage the `systemd-run` utility on Linux systems for defense evasion and execution by running commands as detached, transient services or scopes to obscure their activities and parent-child process chains.

Acronis Cyber Protect +46 defense-evasion execution linux
1r 3t
high advisory

CVE-2026-58379: GIMP Heap Buffer Overflow in PSP Parser Allows RCE

A heap buffer overflow vulnerability (CVE-2026-58379) in GIMP's Paint Shop Pro (PSP) file format parser allows a remote attacker to achieve arbitrary code execution or cause a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file, exploiting incorrect buffer size calculations when processing low bit-depth images.

GIMP +1 heap-buffer-overflow vulnerability image-processing
3t 1c