CVE-2026-4887

Name
CVE-2026-4887
Description
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2026-4887
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2451669
secalert@redhat.com https://gitlab.gnome.org/GNOME/gimp/-/issues/15960

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* gimp >= None < 3.2.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gimp edge-community 3.0.4-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gimp edge-community 3.0.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gimp edge-community 3.0.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gimp edge-community 3.0.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gimp edge-community 2.10.38-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gimp edge-community 2.10.36-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gimp edge-community 2.8.22-r2 None possibly vulnerable
gimp 3.23-community 3.0.4-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable