CVE-2026-4887
Published: 26 March 2026
Summary
CVE-2026-4887 is a medium-severity off-by-one error (CWE-193) in the PCX image loader of GIMP (the page's "Gimp Gimp" is the CPE vendor/product pair). Its CVSS v3.1 base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique User Execution: Malicious File (T1204.002). It ranks at the 9.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): directly mitigates the heap buffer over-read by requiring timely application of vendor patches for GIMP's PCX loader.
SI-16 (Memory Protection): mechanisms such as address space layout randomization, non-executable memory and hardened allocators raise the cost of turning a memory-safety bug into code execution. Note that they do not stop the over-read itself; for this flaw they bound the consequences (a crash, limited disclosure of adjacent heap memory) rather than block the trigger.
SI-10 (Information Input Validation): requires validation of PCX file inputs, in particular header fields and the length of the compressed data against what the decoder will read, so that malformed files are rejected before the loader reads beyond its buffer.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is triggered by a user opening a crafted PCX file (T1204.002, User Execution: Malicious File) and produces an application crash, i.e. denial of service, via the out-of-bounds read (T1499.004, Endpoint Denial of Service: Application or System Exploitation).
NVD Description
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Deeper analysis
CVE-2026-4887 is a heap buffer over-read in the PCX file loader of GIMP, stemming from an off-by-one error (CWE-193). The CVE was published on 2026-03-26 and carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).
The attacker is remote only in the sense that the crafted PCX file can be delivered over the network; the CVSS vector is Local (AV:L) with user interaction required (UI:R) because a user must open the file in GIMP. Doing so makes the loader read past the end of a heap buffer, which can disclose adjacent memory contents (C:L) and crash the application (A:H), a denial-of-service condition. Neither the description nor the vector indicates code execution or data modification (I:N).
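The following is an added illustration, not code from GIMP or from the referenced advisories, and it does not reproduce the actual defect in GIMP's loader (the page gives no code for it). It uses the real PCX run-length scheme (a byte with its top two bits set is a run marker whose low six bits give the count, followed by one value byte) and shows a hypothetical decoder that bounds-checks the marker's position but reads the value byte unconditionally, so a payload that ends on a marker reads exactly one byte past its buffer, beside a bounds-checked version that reports the malformed input instead. The instrumented reader, the function names and both sample payloads are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed input, not from any real file: a 4-byte scanline payload whose
 * final byte is a run marker (0xC3 = run of 3) with no value byte after it. */
static const uint8_t crafted_line[] = { 0x10, 0xC2, 0xAA, 0xC3 };
/* Constructed well-formed payload for the same 4-byte scanline. */
static const uint8_t good_line[]    = { 0x10, 0xC3, 0xAA };

/* Instrumented byte reader: instead of dereferencing past the buffer (which in
 * a real loader is the heap over-read), it counts the attempt and returns 0. */
typedef struct { const uint8_t *p; size_t len; size_t oob_reads; } reader;

static uint8_t rd(reader *r, size_t i) {
    if (i >= r->len) { r->oob_reads++; return 0; }
    return r->p[i];
}

/* Hypothetical buggy decoder (not GIMP's code). The loop checks that the marker
 * byte is in range, but the value byte that follows a marker is read without a
 * check, so a payload ending on a marker reads one byte past the end: the
 * CWE-193 pattern behind a heap over-read. Returns bytes written to dst. */
size_t rle_decode_buggy(reader *r, uint8_t *dst, size_t dst_len) {
    size_t si = 0, di = 0;
    while (si < r->len && di < dst_len) {
        uint8_t b = rd(r, si++);
        size_t run = 1;
        if ((b & 0xC0) == 0xC0) {      /* top two bits set: run marker */
            run = b & 0x3F;            /* low six bits: run length (may be 0) */
            b = rd(r, si++);           /* BUG: si may already equal r->len */
        }
        while (run-- && di < dst_len) dst[di++] = b;
    }
    return di;
}

/* Hardened decoder: every read is bounds-checked before it happens and the
 * caller gets a status instead of silently consuming memory past the buffer.
 *   0  success, *out = bytes written
 *  -1  a run marker is the last input byte (the over-read case)
 *  -2  input ran out before the scanline was filled (truncated file) */
int rle_decode_safe(const uint8_t *src, size_t src_len,
                    uint8_t *dst, size_t dst_len, size_t *out) {
    size_t si = 0, di = 0;
    while (di < dst_len) {
        if (si >= src_len) return -2;
        uint8_t b = src[si++];
        size_t run = 1;
        if ((b & 0xC0) == 0xC0) {
            run = b & 0x3F;
            if (si >= src_len) return -1;   /* the check the buggy path lacks */
            b = src[si++];
        }
        /* Runs that would spill past the scanline are clamped here; a stricter
         * loader may choose to reject them outright. */
        while (run-- && di < dst_len) dst[di++] = b;
    }
    *out = di;
    return 0;
}

/* Runs the buggy decoder on the crafted payload and returns how many reads
 * went past the end of the input (1 for this payload). */
size_t crafted_oob_reads(void) {
    reader r = { crafted_line, sizeof crafted_line, 0 };
    uint8_t line[4];
    rle_decode_buggy(&r, line, sizeof line);
    return r.oob_reads;
}

int main(void) {
    uint8_t line[4];
    size_t n = 0;
    printf("buggy decoder, crafted payload: %zu read(s) past the end\n",
           crafted_oob_reads());
    printf("safe decoder, crafted payload: status %d\n",
           rle_decode_safe(crafted_line, sizeof crafted_line, line, sizeof line, &n));
    printf("safe decoder, good payload: status %d, %zu bytes\n",
           rle_decode_safe(good_line, sizeof good_line, line, sizeof line, &n), n);
    return 0;
}
```

If the instrumented reader is replaced by a raw pointer dereference and the program is built with AddressSanitizer, the crafted payload produces a one-byte heap-buffer-overflow read report; that is the form in which loader bugs of this class are usually surfaced by fuzzing, and it is why the hardened path returns an error for a marker in the last position rather than relying on memory protection to catch the read.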
Advisories and patches addressing this issue are detailed in Red Hat's security notice at https://access.redhat.com/security/cve/CVE-2026-4887, Red Hat Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2451669, and GIMP's GitLab issue tracker at https://gitlab.gnome.org/GNOME/gimp/-/issues/15960.
Details
- CWE(s)