CVE-2026-4887 PUBLISHED

GIMP: memory disclosure and denial of service via specially crafted PCX image

Assigner: redhat
Reserved: 26.03.2026
Published: 26.03.2026
Updated: 26.03.2026

A flaw was found in GIMP. This issue is a heap buffer over-read in the GIMP PCX file loader caused by an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CVSS Score: 6.1

Product Status

Vendor   Product                       Versions (Default)
Red Hat  Red Hat Enterprise Linux 6    unknown
Red Hat  Red Hat Enterprise Linux 7    affected
Red Hat  Red Hat Enterprise Linux 8    affected
Red Hat  Red Hat Enterprise Linux 9    affected

Workarounds

Users should avoid opening untrusted PCX image files with GIMP. If GIMP is not required, consider removing the gimp package to eliminate this attack vector.

Credits

  • Red Hat would like to thank Meshaal for reporting this issue.

Problem Types

  • Off-by-one Error (CWE)