CVE-2026-4887
Modified Modified - Updated After Analysis
Heap Buffer Over-read in GIMP PCX Loader Causes DoS

Publication date: 2026-03-26

Last updated on: 2026-06-15

Assigner: Red Hat, Inc.

Description
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4887
EUVD
EUVD-2026-16166
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
gimp gimp 3.2.0
gimp gimp 3.2.0
gimp gimp 3.2.0
gimp gimp to 3.2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-193 A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in GIMP's PCX file loader caused by an off-by-one error in the bytesperline validation logic. It results in a heap buffer over-read, meaning GIMP reads beyond the allocated memory buffer when opening a specially crafted PCX image.

An attacker can exploit this by convincing a user to open a malicious PCX file, which can cause GIMP to disclose out-of-bounds memory and potentially crash the application.

Impact Analysis

Exploitation of this vulnerability can lead to out-of-bounds memory disclosure, which may expose sensitive information from the application's memory.

Additionally, it can cause the application to crash, resulting in a Denial of Service (DoS) condition.

However, exploitation requires user interaction, specifically opening a maliciously crafted PCX file.

Detection Guidance

This vulnerability occurs when a user opens a specially crafted PCX image in GIMP, leading to a heap buffer over-read. Detection involves identifying attempts to open or process malicious PCX files with GIMP.

Since exploitation requires user interaction, monitoring for suspicious PCX files or unusual GIMP crashes can help detect potential exploitation.

No specific detection commands or network signatures are provided in the available information.

Mitigation Strategies

To mitigate this vulnerability, avoid opening PCX image files from untrusted or unknown sources in GIMP.

Apply any available patches or updates to GIMP that address this off-by-one error in the PCX file loader as soon as they are released.

Consider restricting user permissions or using application sandboxing to limit the impact of a potential exploit.

Compliance Impact

The vulnerability in GIMP's PCX file loader could potentially lead to out-of-bounds memory disclosure if exploited. Such memory disclosure might expose sensitive information processed by the application, which could impact compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal or sensitive data.

However, exploitation requires user interaction and involves opening a specially crafted PCX file, which limits the risk to some extent. There is no direct information indicating that this vulnerability specifically compromises regulated data or leads to a breach of compliance standards.

Therefore, while the vulnerability could pose a risk to data confidentiality and availability, its impact on compliance with standards such as GDPR or HIPAA depends on the context in which GIMP is used and the nature of the data handled.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4887. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart