PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58380 Red Hat CVE debrief

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution. The vulnerability affects users of GIMP, particularly those handling PNM files from untrusted sources.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 6
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-10
Advisory published
2026-07-06
Advisory updated
2026-07-10

Who should care

Users of GIMP, particularly those handling PNM files from untrusted sources, should be aware of this vulnerability. Red Hat Enterprise Linux users should check for updates, as GIMP is likely used in various environments. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.

Technical summary

The CVE-2026-58380 vulnerability is caused by an off-by-one error in the loop boundary check of the pnmscanner_gettoken() function in GIMP's PNM file format parser. This error allows writing a null terminator one byte past the end of a stack-allocated buffer, potentially leading to memory corruption. The vulnerability has a CVSS score of 7.3 and is classified as HIGH severity. Affected users should be aware of the potential for denial of service or arbitrary code execution.

Defensive priority

Apply patches or updates for GIMP as soon as available. Review and restrict the handling of PNM files from untrusted sources. Consider compensating controls such as validating PNM files before processing.

Recommended defensive actions

  • Apply patches or updates for GIMP as soon as available.
  • Review and restrict the handling of PNM files from untrusted sources.
  • Monitor GIMP and Red Hat advisories for updates and patches.
  • Consider compensating controls such as validating PNM files before processing.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-06T15:16:40.020Z and was last modified on 2026-07-10T17:26:18.870Z. The NVD entry is currently Analyzed. Red Hat has provided advisories and issue tracking information. Evidence limits and source grounding indicate potential for denial of service or arbitrary code execution.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T15:16:40.020Z and has not been modified since then. The NVD entry is currently Analyzed.