Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-2066

NIXPKGS-2026-2066
published 5 hours ago
Gimp: gimp: heap buffer overflow in read_channel_data()
Permalink CVE-2026-58379
7.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    19 packages
    • gimp2
    • gimp-with-plugins
    • gimp2Plugins.gimp
    • gimp2Plugins.gmic
    • gimp2-with-plugins
    • gimp2Plugins.bimp
    • gimp2Plugins.lightning
    • gimp2Plugins.texturize
    • gimp2Plugins.lqrPlugin
    • gimp2Plugins.gimplensfun
    • gimpPlugins.resynthesizer
    • gimp2Plugins.waveletSharpen
    • gimp2Plugins.farbfeld
    • gimp3-with-plugins
    • gimpPlugins.lightning
    • gimp2Plugins.fourier
    • gimpPlugins.gmic
    • gimpPlugins.gimp
    • zigimports
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Gimp: gimp: heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.

Affected products

gimp
gimp:2.8/gimp

Matching in nixpkgs

pkgs.gimp

GNU Image Manipulation Program

pkgs.gimp3

GNU Image Manipulation Program

Ignored packages (19)

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

pkgs.gimp2Plugins.bimp

Batch Image Manipulation Plugin for GIMP

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-26.05 2.6
    • nixos-26.05-small 2.6
    • nixpkgs-26.05-darwin 2.6

Package maintainers