CVE-2026-4887 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2026-4887

CVE-2026-4887

March 26, 2026

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

Affected Packages

https://github.com/GNOME/gimp.git (GITHUB):

Affected version(s) >=gimp <GIMP_3_2_0

Fix Suggestion:

Update to version GIMP_3_2_0

https://github.com/GNOME/gimp.git (GITHUB):

Affected version(s) >=gimp <GIMP_3_2_0

Fix Suggestion:

Update to version GIMP_3_2_0

https://github.com/GNOME/gimp.git (GITHUB):

Affected version(s) >=gimp <GIMP_3_2_0

Fix Suggestion:

Update to version GIMP_3_2_0

https://github.com/GNOME/gimp.git (GITHUB):

Affected version(s) >=gimp <GIMP_3_2_0

Fix Suggestion:

Update to version GIMP_3_2_0

https://github.com/GNOME/gimp.git (GITHUB):

Affected version(s) >=gimp <GIMP_3_2_0

Fix Suggestion:

Update to version GIMP_3_2_0

Related Resources (3)

https://bugzilla.redhat.com/show_bug.cgi?id=2451669

https://gitlab.gnome.org/GNOME/gimp/-/issues/15960

https://access.redhat.com/security/cve/CVE-2026-4887

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Off-by-one Error

EPSS

Base Score:

0.06