Vulnerability Details CVE-2026-58384
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 12.4%
CVSS Severity
CVSS v3 Score 7.3
Products affected by CVE-2026-58384
-
cpe:2.3:a:gimp:gimp:3.2.4
-
cpe:2.3:o:redhat:enterprise_linux:9.0