CVE-2026-58381
Received - Intake

Double-Free in GIMP PSP File Parser

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Red Hat, Inc.

Description

A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-03
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor: gnome
Product: gimp
Version / Range: up to 2.10.34 (inclusive)

Exploitability

CWE
CWE-415: The product calls free() twice on the same memory address.

AI Quick Actions

Executive Summary

This vulnerability is a double-free flaw in GIMP's Paint Shop Pro (PSP) file format parser, specifically in the read_layer_block() function. During processing of a specially crafted PSP file, a variable named 'name' is allocated, used, and freed in a loop. If an error occurs during the second iteration before memory is allocated for 'name', the pointer from the first iteration is freed again, causing a double-free condition.

This double-free can lead to memory corruption, which may allow an attacker to cause a denial of service or potentially execute arbitrary code on the affected system.
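
The loop pattern described in the summary, as an added C example (a simplified model, not GIMP's source and not the upstream patch). `struct layer`, `tracked_free`, `tracked_strdup` and the two-layer input are constructed for illustration, and clearing the pointer after freeing is a common remedy for this pattern, assumed here rather than taken from the fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for one layer record; not the PSP on-disk layout. */
struct layer { int header_ok; const char *name; };

static void *last_freed;   /* most recently released pointer */
static int double_frees;   /* repeated releases of that same pointer */

/* Records a repeated release instead of handing it to free() again. */
static void tracked_free(void *p) {
    if (p == NULL) return;                    /* free(NULL) is a no-op */
    if (p == last_freed) { double_frees++; return; }
    free(p);
    last_freed = p;
}
static char *tracked_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) strcpy(p, s);
    last_freed = NULL;     /* the allocator may legitimately reuse the address */
    return p;
}

/* hardened == 0 keeps the stale pointer; hardened == 1 clears it after free. */
static int read_layers(const struct layer *l, int n, int hardened) {
    char *name = NULL;
    for (int i = 0; i < n; i++) {
        if (!l[i].header_ok) goto error;      /* fails before name is allocated */
        name = tracked_strdup(l[i].name);
        if (name == NULL) goto error;
        tracked_free(name);                   /* name has been used; release it */
        if (hardened) name = NULL;            /* nothing stale for the error path */
    }
    return 0;
error:
    tracked_free(name);    /* unhardened: still the first iteration's pointer */
    return -1;
}

/* Constructed input: the first layer parses, the second fails early. */
int count_double_frees(int hardened) {
    const struct layer in[] = { { 1, "Layer 1" }, { 0, NULL } };
    last_freed = NULL; double_frees = 0;
    read_layers(in, 2, hardened);
    return double_frees;
}
int main(void) {
    printf("unhardened: %d\n", count_double_frees(0));
    printf("hardened: %d\n", count_double_frees(1));
    return 0;
}
```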

Impact Analysis

An attacker can exploit the double-free condition to corrupt memory. This can result in a denial of service, with the GIMP application crashing or becoming unstable.

More severely, the memory corruption could be leveraged by an attacker to execute arbitrary code, potentially gaining control over the system running GIMP with the privileges of the user.

Detection Guidance

This vulnerability is a double-free condition in GIMP's PSP file format parser triggered by processing specially crafted PSP files. Detection would involve monitoring or analyzing GIMP's handling of PSP files for crashes or abnormal behavior.

There are no specific commands or network detection methods provided in the available information to detect this vulnerability directly.

Mitigation Strategies

To mitigate this vulnerability, update GIMP to the latest version, where the fix has been committed upstream.

Avoid opening or processing untrusted or specially crafted PSP files until the patched version is installed.
