Bug 2497430 (CVE-2026-58383) - CVE-2026-58383 gimp: gimp: Heap buffer overflow via bpp=0 infinite loop in ReadJeffsImage()
Summary: CVE-2026-58383 gimp: gimp: Heap buffer overflow via bpp=0 infinite loop in Re...
Keywords:
Status: NEW
Alias: CVE-2026-58383
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-06 18:53 UTC by OSIDB Bzimport
Modified: 2026-07-07 07:44 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-06 18:53:29 UTC
Heap buffer overflow WRITE via infinite loop in GIMP's Jeff's Image Format (JIF) parser. In ReadJeffsImage() in file-gif-load.c, when bpp is 0 from the JIF header, the inner loop for (j = 0; j < 8; j += bpp) never advances and writes unboundedly past the heap buffer.

- Function: ReadJeffsImage()
- File: plug-ins/common/file-gif-load.c:1509-1635
- Fix: https://gitlab.gnome.org/GNOME/gimp/-/commit/fb63e036
- Upstream issue: https://gitlab.gnome.org/GNOME/gimp/-/issues/16213
- Acknowledgment: bb1abu


Note You need to log in before you can comment on or make changes to this bug.