CVE Catalog

CVE-2026-4887

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.63%

46th percentile - higher than 46% of all known CVEs

Summary

A flaw was found in GIMP, which is a heap buffer over-read in the PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image.

Risk Assessment

Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

Recommendation

It is recommended to update GIMP to the latest version to mitigate this vulnerability and to avoid opening unknown PCX files.

Original NVD description (English source)

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS