A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-58379 is a heap buffer overflow vulnerability in GIMP's Paint Shop Pro (PSP) file format parser that stems from incorrect buffer size calculations when processing low bit-depth images. With a CVSS score of 7.3, this vulnerability poses a significant threat to users who work with image files, including designers, photographers, and content creators across Windows, macOS, and Linux platforms. An attacker can exploit this flaw by distributing specially crafted PSP files through email, file sharing platforms, or compromised websites, leading to arbitrary code execution or denial of service when a victim opens the malicious image in GIMP. The vulnerability's reach extends beyond individual users to organizations that process untrusted image files as part of their workflow.
While this CVE does not currently map to specific MITRE ATT&CK techniques, Casky's Claude-powered analysis engine would detect the attack patterns associated with this vulnerability by identifying suspicious file processing behaviors and memory corruption indicators. Practitioners using Casky would observe findings related to CWE-122 (Heap-based Buffer Overflow) detection, including anomalous memory writes during PSP file parsing, unexpected process termination patterns, or code execution attempts originating from image processing libraries. The platform's extended reasoning capabilities would correlate these indicators with file type handling vulnerabilities, enabling security teams to identify exploitation attempts even when they don't fit traditional ATT&CK categorizations. By monitoring file interactions, process memory behavior, and GIMP's parsing operations, Casky helps practitioners defend against this class of memory corruption attacks before arbitrary code execution occurs.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-58379. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation