CVE-2026-4887

CVE Database · CVE-2026-4887

CVE-2026-4887

· MEDIUMModified

CVSS v3.1

6.1

EPSS

0.63%

Published

Mar 26, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Weaknesses (CWE)

CWE-193

Affected Products (8)

gimp · gimp (up to 3.2.0)vulnerable

gimp · gimpvulnerable

redhat · enterprise_linux

References (13)

https://access.redhat.com/errata/RHSA-2026:16484

https://access.redhat.com/errata/RHSA-2026:17533

https://access.redhat.com/errata/RHSA-2026:19362