Medium severity 6.1 · NVD Advisory · Published Mar 26, 2026 · Updated Jun 15, 2026
CVE-2026-4887
Description
A flaw was found in GIMP. This issue is a heap buffer over-read in the GIMP PCX file loader, caused by an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Affected products (19)
- osv-coords, 14 versions:
  - pkg:rpm/almalinux/gimp
  - pkg:rpm/almalinux/gimp-devel
  - pkg:rpm/almalinux/gimp-devel-tools
  - pkg:rpm/almalinux/gimp-libs
  - pkg:rpm/almalinux/pygobject2
  - pkg:rpm/almalinux/pygobject2-codegen
  - pkg:rpm/almalinux/pygobject2-devel
  - pkg:rpm/almalinux/pygobject2-doc
  - pkg:rpm/almalinux/pygtk2
  - pkg:rpm/almalinux/pygtk2-codegen
  - pkg:rpm/almalinux/pygtk2-devel
  - pkg:rpm/almalinux/pygtk2-doc
  - pkg:rpm/almalinux/python2-cairo
  - pkg:rpm/almalinux/python2-cairo-devel
- (no CPE) range: < 2:3.0.4-1.el9_7.5
- (no CPE) range: < 2:2.8.22-26.module_el8.10.0+4175+c208a0bf.6
- (no CPE) range: < 2:2.8.22-26.module_el8.10.0+4175+c208a0bf.6
- (no CPE) range: < 2:3.0.4-1.el9_7.5
- (no CPE) range: < 2.28.7-5.module_el8.10.0+4175+c208a0bf
- (no CPE) range: < 2.28.7-5.module_el8.10.0+4137+2d0d25cf
- (no CPE) range: < 2.28.7-5.module_el8.10.0+4175+c208a0bf
- (no CPE) range: < 2.28.7-5.module_el8.10.0+4137+2d0d25cf
- (no CPE) range: < 2.24.0-25.module_el8.9.0+3725+d1441900
- (no CPE) range: < 2.24.0-25.module_el8.9.0+3725+d1441900
- (no CPE) range: < 2.24.0-25.module_el8.9.0+3725+d1441900
- (no CPE) range: < 2.24.0-25.module_el8.9.0+3725+d1441900
- (no CPE) range: < 1.16.3-7.module_el8.10.0+3952+571e801c
- (no CPE) range: < 1.16.3-7.module_el8.10.0+4175+c208a0bf
References (13)
- gitlab.gnome.org/GNOME/gimp/-/issues/15960 (nvd; Exploit, Issue Tracking)
- access.redhat.com/security/cve/CVE-2026-4887 (nvd; Mitigation, Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:16484 (nvd)
- access.redhat.com/errata/RHSA-2026:17533 (nvd)
- access.redhat.com/errata/RHSA-2026:19362 (nvd)
- access.redhat.com/errata/RHSA-2026:20552 (nvd)
- access.redhat.com/errata/RHSA-2026:20553 (nvd)
- access.redhat.com/errata/RHSA-2026:20554 (nvd)
- access.redhat.com/errata/RHSA-2026:20691 (nvd)
- access.redhat.com/errata/RHSA-2026:25899 (nvd)
- access.redhat.com/errata/RHSA-2026:25901 (nvd)
- access.redhat.com/errata/RHSA-2026:25907 (nvd)