PatchSiren cyber security CVE debrief
CVE-2026-58380 Red Hat CVE debrief
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution. The vulnerability affects users of GIMP, particularly those handling PNM files from untrusted sources.
- Vendor
- Red Hat
- Product
- Red Hat Enterprise Linux 6
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-10
Who should care
Users of GIMP, particularly those handling PNM files from untrusted sources, should be aware of this vulnerability. Red Hat Enterprise Linux users should check for updates, as GIMP is likely used in various environments. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.
Technical summary
The CVE-2026-58380 vulnerability is caused by an off-by-one error in the loop boundary check of the pnmscanner_gettoken() function in GIMP's PNM file format parser. This error allows writing a null terminator one byte past the end of a stack-allocated buffer, potentially leading to memory corruption. The vulnerability has a CVSS score of 7.3 and is classified as HIGH severity. Affected users should be aware of the potential for denial of service or arbitrary code execution.
Defensive priority
Apply patches or updates for GIMP as soon as available. Review and restrict the handling of PNM files from untrusted sources. Consider compensating controls such as validating PNM files before processing.
Recommended defensive actions
- Apply patches or updates for GIMP as soon as available.
- Review and restrict the handling of PNM files from untrusted sources.
- Monitor GIMP and Red Hat advisories for updates and patches.
- Consider compensating controls such as validating PNM files before processing.
- Review relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-06T15:16:40.020Z and was last modified on 2026-07-10T17:26:18.870Z. The NVD entry is currently Analyzed. Red Hat has provided advisories and issue tracking information. Evidence limits and source grounding indicate potential for denial of service or arbitrary code execution.
Official resources
-
CVE-2026-58380 CVE record
CVE.org
-
CVE-2026-58380 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Third Party Advisory
-
Source reference
[email protected] - Broken Link
-
Mitigation or vendor reference
[email protected] - Exploit, Issue Tracking, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T15:16:40.020Z and has not been modified since then. The NVD entry is currently Analyzed.