Impact
A stack buffer overflow in GIMP’s PNM file format parser occurs in the pnmscanner_gettoken() function when it writes a null terminator one byte past the end of a stack‑allocated buffer due to an off‑by‑one error. This flaw can corrupt memory and may lead to a denial of service or even arbitrary code execution, depending on how the attacker crafts the PNM file and the privileges of the process reading it.
Affected Systems
The vulnerability affects the GNOME GIMP application bundled with Red Hat Enterprise Linux 6, 7, 8 and 9. All versions of GIMP that contain the unpatched pnmscanner_gettoken() routine are impacted; the specific package versions are not listed, but any RHEL distribution containing the vulnerable GIMP release is vulnerable.
Risk and Exploitability
The CVSS score of 7.3 indicates a high severity, while the EPSS score of less than 1% suggests a very low but nonzero exploitation probability, and the flaw is not currently listed in the CISA KEV catalog. The required input is a specially crafted PNM file, so the attack vector is likely local or remote if the application is exposed to untrusted files. An attacker would need the ability to provide a PNM file to the application and, if the process runs with elevated privileges, could potentially gain code execution. The lack of an official workaround underscores the importance of applying a patch.
OpenCVE Enrichment