CVE-2026-58380: GIMP PNM Parser Buffer Overflow
| Field | Value |
|---|---|
| CVE ID | CVE-2026-58380 |
| CVSS score | 7.3 (High) |
| Attack vector | Crafted local file opened or parsed by GIMP; exact NVD vector string was not available in the retrieved record |
| Auth required | Unknown from primary scoring data; practically, no authentication is needed to create a malicious PNM file, but user interaction to open/process the file is the likely trigger |
| Patch status | Upstream patch exists via GNOME GitLab commit 83699817; fixed release number was not confirmed in the retrieved primary sources |
TL;DR - GIMP has a high severity off-by-one stack overflow in PNM parsing. - Confirmed reproduced on GIMP 3.2.1; update to a build containing commit
83699817. - No confirmed in-the-wild exploitation or public PoC was identified, but untrusted PNM files should be treated as risky.
What is CVE-2026-58380?
CVE-2026-58380 is a memory safety vulnerability in GIMP (GNU Image Manipulation Program), specifically in its PNM file format parser. The NVD description states that the flaw is an off-by-one stack buffer overflow in the function pnmscanner_gettoken(). When GIMP parses a specially crafted PNM image, the parser can write a NUL terminator one byte past the end of a stack-allocated buffer.
That sounds minor, but off-by-one writes on the stack are still security-relevant. Depending on compiler behavior, stack layout, canaries, ASLR, and adjacent variables, the issue can cause a straightforward application crash or broader memory corruption. NVD explicitly notes potential denial of service and possible arbitrary code execution. In practice, defenders should assume that opening untrusted image files is part of the attack surface and prioritize remediation accordingly.
Who is Affected?
The affected product is GIMP. The vulnerable component is the PNM parser, and the vulnerable function identified in the primary sources is pnmscanner_gettoken(). Based on the available upstream issue metadata, the bug was reproduced on GIMP 3.2.1. That is the only specific affected version that can be directly quoted from the retrieved source material without overclaiming.
What is not currently confirmed from the retrieved primary sources is the full affected version range or the first fixed release number. The research note explicitly indicates that the full upstream issue body and commit details were not fully exposed in the retrieved text. So the most accurate statement is: GIMP 3.2.1 is confirmed affected, and an upstream fix exists in commit 83699817, but the exact broader affected range and fixed release number were not verifiably available from the consulted sources. In the absence of full version data, defenders should assume any deployed GIMP build near or including 3.2.1 may require review against vendor package changelogs or the upstream patch.
Why This Vulnerability Matters Operationally
Image parsers routinely process attacker-controlled content from email attachments, downloads, chat transfers, ticket uploads, and shared storage. Even when the attack requires user interaction, malformed file parsing bugs are valuable to attackers because they target software that many users trust and open routinely. A malicious PNM file could be delivered under the guise of test assets, design files, or content conversion workflows.
For IT and security teams, the main operational question is not whether this bug is internet-facing in the classic remote-service sense, but whether users, artists, designers, or automation systems process untrusted PNM files. If your environment uses GIMP on workstations, VDI instances, shared Linux desktops, or content-processing jump boxes, the practical risk is that a user opens a crafted file and triggers memory corruption in a desktop application that may have access to local files, credentials, tokens, or browser session artifacts.
Affected Versions and Fix Status
The versioning picture is incomplete, so it is important to be precise.
| Version / status item | What is confirmed |
|---|---|
| Confirmed affected version | GIMP 3.2.1 was referenced in visible upstream issue metadata as the environment/version where the issue was reproduced |
| Full affected version range | Unknown from retrieved sources |
| Fixed upstream code | Yes, via GNOME GitLab commit 83699817 |
| Fixed release version number | Unknown from retrieved sources |
| Downstream distro backports | Unknown; check vendor advisories and package changelogs |
Because the fixed release number was not visible in the consulted sources, do not rely on assumptions such as “latest 3.2.x is safe” unless your package maintainer or upstream release notes explicitly say the build contains commit 83699817 or references CVE-2026-58380. For practitioners, the safest path is to validate either the exact release note or the distro package changelog rather than infer patch status from branch naming alone.
Technical Notes
To inventory installed GIMP versions on Linux endpoints, use package manager queries such as:
# Debian/Ubuntu
dpkg -l | grep -i '^ii.*gimp'
# RHEL/CentOS/Fedora
rpm -qa | grep -i '^gimp'
# Arch
pacman -Q | grep -i '^gimp'
If you build from source or package internally, verify whether the source tree contains the upstream fix commit:
git log --oneline --grep="83699817"
git show 83699817
Exploitation Status and PoC Availability
At the time of writing, there is no verified evidence of exploitation in the wild in the consulted sources. CVE-2026-58380 is not listed in CISA KEV, which means there is no CISA-backed confirmation of known exploitation. That does not prove it is unexploited, but it does mean defenders should not state exploitation as confirmed.
There is also no public proof-of-concept identified in the research provided here. However, the bug is not purely theoretical. Public technical tracking exists in both GNOME GitLab and Red Hat Bugzilla, and the visible upstream issue metadata indicates the crash was reproducible with ASAN. That matters because reproducible sanitizer-backed crashes often lower the barrier to future exploit development, even if exploit code is not yet public. The correct practitioner stance is: no confirmed in-the-wild exploitation, no known public PoC from the consulted sources, but credible technical validation exists.
Technical Deep Dive
The core bug is an off-by-one boundary error in pnmscanner_gettoken(). According to NVD, the parser writes a trailing NUL byte one position beyond a stack buffer while processing crafted PNM input. This is a classic parser hardening failure: tokenization logic often assumes input lengths remain within expected bounds, and a single incorrect comparison can turn a safe truncation path into an out-of-bounds write.
The reason defenders should care about a one-byte write is that stack corruption does not need to be large to be dangerous. Even when modern mitigations prevent reliable code execution, crashes are often enough to create denial-of-service conditions in user workflows or batch image processing. In some build environments, the overwritten byte could affect adjacent state in ways that become exploitable. Since public technical discussion and a fix commit exist, this is the kind of bug that may attract further scrutiny from researchers even if exploitation is not yet public.
Technical Notes
Relevant vulnerable area from the public descriptions:
pnmscanner_gettoken()
The trigger condition described by NVD is a specially crafted PNM file. Defenders who do malware triage should preserve suspicious PNM samples and capture crash artifacts such as core dumps, ASAN output, and the exact GIMP build used. If you operate a sandbox or detonation pipeline for attachments, adding GIMP-based rendering tests for uncommon image formats like PNM can improve visibility into malformed-file attacks.
Bottom Line for Defenders
CVE-2026-58380 is a high-severity GIMP parser vulnerability with a clear malformed-file attack path and an upstream fix already available. The strongest confirmed facts are that the bug affects GIMP’s PNM parser, was reproduced on GIMP 3.2.1, and is fixed upstream in commit 83699817.
What remains unknown is the full affected version range and the first fixed release number from the retrieved primary sources. In the absence of that data, defenders should assume any GIMP deployment at or around 3.2.1 needs validation, prioritize upgrades from trusted vendor channels, and treat untrusted PNM files as potentially dangerous until patch status is confirmed.
For further information on security practices, consider exploring what is defense in depth and what is OIDC.
This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.
Detection and Exposure Assessment
Detection for a desktop file parser flaw is different from detection for a network service vulnerability. You are unlikely to see a clean IDS hit unless the malicious file traverses monitored email, web proxy, or file transfer infrastructure. In most environments, exposure assessment starts with identifying where GIMP is installed and whether PNM files are handled from untrusted sources.
A practical detection strategy combines endpoint telemetry, crash monitoring, and file activity analysis. Security teams should look for GIMP processes opening .pnm, .pbm, .pgm, or .ppm files shortly before a crash, segmentation fault, sanitizer alert, or abnormal termination. If your EDR captures process command lines, file open events, and crash metadata, correlate those events around GIMP executions. Where centralized desktop logs are unavailable, service desk crash reports and developer workstation telemetry may be the first indicator.
Technical Notes
On Linux systems using journald, look for segmentation faults involving gimp:
journalctl -S -7d | egrep -i 'gimp|segfault|signal 11|core dumped'
Example log patterns worth hunting:
gimp[12345]: segfault at 0 ip 00007f... sp 00007f... error 4 in libgimp...
kernel: traps: gimp[12345] general protection fault ip:... sp:...
systemd-coredump[45678]: Process 12345 (gimp) of user 1000 dumped core.
If you have endpoint telemetry in a SIEM, a basic hunting query might look like:
SELECT timestamp, host, user, process_name, command_line, target_file
FROM file_process_events
WHERE process_name = 'gimp'
AND LOWER(target_file) REGEXP '\.(pnm|pbm|pgm|ppm)$'
ORDER BY timestamp DESC;
On systems with Suricata inspecting HTTP downloads, you can at least flag inbound PNM transfers for higher scrutiny:
alert http any any -> $HOME_NET any (msg:"Possible PNM image download"; fileext:"pnm"; sid:10058380; rev:1;)
This is not a signature for exploit content, only a coarse visibility aid. Because no public exploit sample was identified, defenders should avoid overconfident content signatures and instead focus on file provenance plus crash correlation.
Mitigation and Patching Guidance
The best mitigation is to upgrade to the first GIMP release or downstream package build that includes upstream commit 83699817. Because the exact fixed release version number was not confirmed in the retrieved sources, teams should verify package changelogs, distro advisories, or upstream release notes before closing the issue. If you run a managed Linux desktop fleet, coordinate with the OS vendor rather than assuming upstream and distro package timelines match.
If you cannot patch immediately, reduce exposure by treating PNM files as untrusted content. Block or quarantine PNM attachments from untrusted senders where feasible, open suspicious images only in isolated analysis environments, and consider launching GIMP under sandbox controls on higher-risk workstations. This is especially relevant for graphics teams, web content teams, or admins handling attachments from external parties.
Technical Notes
Example upgrade commands depend on your platform and should be paired with a check that the resulting package includes the fix:
# Debian/Ubuntu
sudo apt update
sudo apt install --only-upgrade gimp
# RHEL/CentOS Stream/Fedora
sudo dnf upgrade gimp
# openSUSE
sudo zypper update gimp
# Arch Linux
sudo pacman -Syu gimp
For temporary risk reduction, block or rename PNM-family file types at mail gateways or upload filters where business-acceptable. On Linux workstations, you can also open GIMP inside a sandbox if already supported in your environment:
flatpak run org.gimp.GIMP
If you maintain internal builds, backport the upstream fix commit directly:
git fetch origin
git cherry-pick 83699817
make
make install
Only use source-level backporting if you have a controlled build pipeline and validation process.
References
- NVD CVE record: https://nvd.nist.gov/vuln/detail/CVE-2026-58380
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Red Hat CVE page: https://access.redhat.com/security/cve/CVE-2026-58380
- Red Hat Bugzilla issue: https://bugzilla.redhat.com/show_bug.cgi?id=2496135
- Upstream patch commit: https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817
- Upstream issue: https://gitlab.gnome.org/GNOME/gimp/-/issues/16206
- Official GIMP site: https://www.gimp.org