A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
None — requires opening a crafted PNM file.
References
History
Mon, 06 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution. | |
| Title | Gimp: gimp: stack buffer overflow in pnmscanner_gettoken() | |
| First Time appeared |
Redhat
Redhat enterprise Linux |
|
| Weaknesses | CWE-193 | |
| CPEs | cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-06T15:41:15.008Z
Reserved: 2026-06-30T16:54:04.312Z
Link: CVE-2026-58380
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses