CVE-2026-4887
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk46th percentile - higher than 46% of all known CVEs
Summary
A flaw was found in GIMP, which is a heap buffer over-read in the PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image.
Risk Assessment
Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Recommendation
It is recommended to update GIMP to the latest version to mitigate this vulnerability and to avoid opening unknown PCX files.
Original NVD description (English source)
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

