CVE-2026-58381
Medium (CVSS 6.1)
Exploitation Probability (EPSS): Low risk, 2nd percentile (higher than 2% of all known CVEs)
Summary
A double-free vulnerability was found in GIMP's PSP file format parser in the read_layer_block() function. Processing a specially crafted PSP file can cause memory corruption.
Risk Assessment
An attacker could exploit this flaw to cause denial of service or potentially achieve arbitrary code execution in the context of the user running GIMP.
Recommendation
Update GIMP immediately to the latest version containing the fix for CVE-2026-58381, and avoid opening PSP files from untrusted sources.
Original NVD description (English source)
A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.

