PatchSiren cyber security CVE debrief
CVE-2026-58381 Red Hat CVE debrief
A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution. The vulnerability has been confirmed in GIMP's PSP file format parser, and its impact is being analyzed. Further verification is needed to assess the full scope of affected systems and potential mitigations.
- Vendor
- Red Hat
- Product
- Red Hat Enterprise Linux 6
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-07
Who should care
Users of GIMP, especially those processing PSP files from untrusted sources, should be aware of this vulnerability and take steps to mitigate it. This includes updating to the latest version of GIMP and exercising caution with PSP files from untrusted sources until the update is applied and verified across their environments.
Technical summary
The vulnerability is caused by a double-free condition in the read_layer_block() function of GIMP's PSP file format parser. This occurs when processing a specially crafted PSP file, which could lead to memory corruption. The potential impact includes denial of service or arbitrary code execution. GIMP users should prioritize updating to the latest version and exercising caution with PSP files from untrusted sources until the update is applied and verified across their environments.
Defensive priority
Medium priority due to the potential for denial of service or arbitrary code execution. GIMP users should prioritize updating to the latest version and exercising caution with PSP files from untrusted sources until the update is applied and verified across their environments. Monitoring for unusual activity related to PSP file processing is also recommended as a compensating control measure while patches are being implemented and tested across the organization. Additionally, reviewing system logs for signs of exploitation attempts can help in early detection and response to potential attacks. Asset inventory management should include tracking GIMP installations and their exposure to PSP file processing workflows. Rollback change windows should be considered for rapid deployment of patches with minimal disruption to critical operations. Source tracking and verification of PSP file sources can also aid in reducing the risk of exploitation through untrusted files. Implementing these measures can help mitigate the risk associated with this vulnerability until a comprehensive fix is in place and fully tested across all affected systems and workflows.
Recommended defensive actions
- Update GIMP to the latest version that patches this vulnerability.
- Avoid processing PSP files from untrusted sources until the update is applied.
- Monitor GIMP's official channels for updates and advisories related to this vulnerability.
- Review system logs for signs of exploitation attempts.
- Track GIMP installations and their exposure to PSP file processing workflows.
- Implement compensating controls for exposed systems while remediation is scheduled and verified.
- Verify the integrity of PSP files before processing them.
Evidence notes
The CVE record was published on 2026-07-02T20:17:06.170Z and was last modified on 2026-07-07T18:16:39.803Z. The NVD entry is currently Awaiting Analysis. References include Red Hat's security advisory and GIMP's issue tracker. The vulnerability has been confirmed in GIMP's PSP file format parser, and its impact is being analyzed. Further verification is needed to assess the full scope of affected systems and potential mitigations.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T20:17:06.170Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.