CVE-2026-4887 MEDIUM

CVE-2026-4887: Gimp: gimp:memory disclosure and denial of service via specially crafted pcx image

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-193
Published March 26, 2026
Last update June 15, 2026

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

What the vulnerability does

01Description

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

Key dates

02Disclosure timeline

March 26, 2026 CVE published
June 15, 2026 Record updated