CVE-2026-58384

Summary

A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-190: Integer Overflow or Wraparound

Workarounds

None — requires opening a crafted PSD file.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References