GIMP PCX Loader Heap Buffer Over-read Causing DoS (CVE-2026-4887)
CVE-2026-4887 Published on March 26, 2026

Gimp: gimp:memory disclosure and denial of service via specially crafted pcx image
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

NVD

Vulnerability Analysis

CVE-2026-4887 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is an off-by-five Vulnerability?

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

CVE-2026-4887 has been classified to as an off-by-five vulnerability or weakness.


Products Associated with CVE-2026-4887

Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.

Red Hat Enterprise Linux (RHEL)
 

Affected Versions

Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: