
CVE-2026-4887

Severity: Medium · Public PoC · Updated

Published: 26 March 2026
Modified: 26 May 2026
KEV Added: not listed (see Summary)
Patch: see References
CVSS Score v3.1: 6.1 (Medium) · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
EPSS Score: 0.0005 (16.1st percentile)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-4887 is a medium-severity off-by-one error (CWE-193) in GIMP, the GNU Image Manipulation Program (the affected-asset record lists both vendor and product as "gimp"). Its CVSS v3.1 base score is 6.1 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique User Execution: Malicious File (T1204.002). EPSS ranks it at the 16.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-4887 is a heap buffer over-read in GIMP's PCX file loader caused by an off-by-one error. The CVE was published on 26 March 2026. It is classified under CWE-193 (Off-by-one Error) with a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).

An attacker exploits this by convincing a user to open a specially crafted PCX image. The CVSS vector is local (AV:L) with user interaction required (UI:R): the file can arrive remotely (e-mail, download, shared drive), but the faulty read only happens when a local user opens it in GIMP. Exploitation triggers an out-of-bounds read that can disclose adjacent heap memory and crash the application, a denial-of-service (DoS) condition. The impact sub-scores reflect exactly that: limited confidentiality impact (C:L), no integrity impact (I:N) and high availability impact (A:H).

Advisories and patches addressing this issue are detailed in Red Hat's security notice at https://access.redhat.com/security/cve/CVE-2026-4887, Red Hat Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2451669, and GIMP's GitLab issue tracker at https://gitlab.gnome.org/GNOME/gimp/-/issues/15960.


Vulnerability details

A flaw was found in GIMP. This issue is a heap buffer over-read in the GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

CWE(s)

CWE-193 Off-by-one Error

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1204.002 User Execution: Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1499.004 Endpoint Denial of Service: Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability is triggered by a user opening a crafted PCX file (T1204.002 Malicious File) and produces an application crash/DoS through the out-of-bounds read (T1499.004 Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-5673 · Same product: Red Hat Enterprise Linux
CVE-2026-3442 · Same product: Red Hat Enterprise Linux
CVE-2026-4271 · Same product: Red Hat Enterprise Linux
CVE-2026-2436 · Same product: Red Hat Enterprise Linux
CVE-2026-9064 · Same product: Red Hat Enterprise Linux
CVE-2025-32990 · Same product: Red Hat Enterprise Linux
CVE-2026-2100 · Same product: Red Hat Enterprise Linux
CVE-2026-35092 · Same product: Red Hat Enterprise Linux
CVE-2026-3441 · Same product: Red Hat Enterprise Linux
CVE-2026-35091 · Same product: Red Hat Enterprise Linux

Affected Assets

Vendor: gimp · Product: gimp · Version: 3.2.0 (affected range: ≤ 3.2.0)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent, recover)

Directly mitigates the heap buffer over-read by requiring timely application of vendor patches for GIMP's PCX loader vulnerability. This is the only control on this list that removes the defect; the others reduce its consequences.

SI-16 Memory Protection (prevent)

Provides memory protection mechanisms such as address space layout randomization and non-executable memory. Their value here is limited: non-executable memory does nothing against a read-only defect, and ASLR only makes any disclosed heap contents harder to reuse. Neither prevents the crash that drives the A:H component of the score.

Input validation (prevent)

Requires validation of PCX file inputs to detect and reject malformed files before they reach the loader. Header and dimension checks shrink the attack surface, but a file whose header is well formed can still carry a truncated or malicious pixel stream, so validation complements the loader's own per-read bounds checks rather than replacing them.
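The defect class described in the analysis above (an off-by-one in a PCX RLE decoder that reads one byte past its input buffer) and the input-validation control listed here, shown together as an added C example. This is not GIMP's code: the page does not say where in GIMP's loader the bug sits, so the vulnerable decoder below is an illustrative reconstruction of the pattern, not the real code path. The function names (`pcx_validate_header`, `rle_decode_vulnerable`, `rle_decode_fixed`, `demo_over_read`), the `PCX_MAX_DIM` bound and the crafted sample file are all assumptions constructed for the example. A guard byte placed just past the logical end of a heap buffer stands in for adjacent memory, so the over-read is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PCX_HDR_LEN 128
#define PCX_MAX_DIM 16384u  /* assumed sanity bound for this example, not a PCX spec limit */
#define GUARD_BYTE  0xEE    /* sentinel standing in for whatever follows the input on the heap */

typedef struct { unsigned width, height, nplanes, bytes_per_line; } pcx_info;

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Header validation (the input-validation control): reject any file the
 * decoder is not prepared to handle before allocating or decoding anything. */
int pcx_validate_header(const uint8_t *buf, size_t len, pcx_info *info)
{
    if (len < PCX_HDR_LEN || buf[0] != 0x0A) return -1;   /* short, or bad manufacturer byte */
    if (buf[2] != 1 || buf[3] != 8) return -1;             /* require RLE encoding, 8 bits/pixel */
    unsigned xmin = rd16le(buf + 4), ymin = rd16le(buf + 6);
    unsigned xmax = rd16le(buf + 8), ymax = rd16le(buf + 10);
    if (xmax < xmin || ymax < ymin) return -1;
    unsigned width = xmax - xmin + 1, height = ymax - ymin + 1;
    unsigned nplanes = buf[65], bpl = rd16le(buf + 66);
    if (width > PCX_MAX_DIM || height > PCX_MAX_DIM) return -1;
    if (nplanes < 1 || nplanes > 4 || bpl < width) return -1;  /* a scanline must hold a row */
    info->width = width; info->height = height;
    info->nplanes = nplanes; info->bytes_per_line = bpl;
    return 0;
}

/* PCX RLE: a byte with its top two bits set is a run marker (low 6 bits = count)
 * followed by the value byte; any other byte is a literal pixel.
 * Vulnerable variant: the marker byte is bounds-checked, the value byte after it
 * is not, so a file whose last byte is a run marker reads one byte past the input. */
size_t rle_decode_vulnerable(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    size_t pos = 0, o = 0;
    while (o < out_len && pos < in_len) {
        uint8_t b = in[pos++];
        size_t count = 1;
        if ((b & 0xC0) == 0xC0) {
            count = b & 0x3F;
            b = in[pos++];                 /* BUG: no check that pos < in_len */
        }
        while (count-- > 0 && o < out_len) out[o++] = b;
    }
    return o;
}

/* Hardened variant: every read is checked; a truncated run or scanline is an
 * error instead of a read of adjacent memory. Returns bytes produced or -1. */
long rle_decode_fixed(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    size_t pos = 0, o = 0;
    while (o < out_len) {
        if (pos >= in_len) return -1;      /* scanline ends before out_len bytes */
        uint8_t b = in[pos++];
        size_t count = 1;
        if ((b & 0xC0) == 0xC0) {
            count = b & 0x3F;
            if (pos >= in_len) return -1;  /* run marker with no value byte */
            b = in[pos++];
        }
        while (count-- > 0 && o < out_len) out[o++] = b;
    }
    return (long)o;
}

/* Constructed crafted file (not a real sample): a valid header for a 4x1,
 * 8-bpp, single-plane image followed by RLE data that ends on a run marker. */
static size_t build_crafted(uint8_t *buf)
{
    static const uint8_t data[] = { 0xC2, 0x11, 0xC2 };  /* run(2)=0x11, then a dangling marker */
    memset(buf, 0, PCX_HDR_LEN);
    buf[0] = 0x0A; buf[1] = 5; buf[2] = 1; buf[3] = 8;   /* magic, version, RLE, 8 bpp */
    buf[8] = 3;                                           /* xmax = 3 -> width 4 */
    buf[65] = 1; buf[66] = 4;                             /* nplanes, bytes_per_line (LE) */
    memcpy(buf + PCX_HDR_LEN, data, sizeof data);
    return PCX_HDR_LEN + sizeof data;
}

/* Runs both decoders on the crafted file. Returns 1 if the vulnerable decoder
 * copied the guard byte (just past the logical end of the input) into its output,
 * 0 if not, -1 on setup failure. *fixed_rc gets the hardened decoder's result. */
int demo_over_read(long *fixed_rc)
{
    uint8_t out[64] = {0};
    pcx_info info;
    int leaked = -1;
    uint8_t *file = malloc(PCX_HDR_LEN + 3 + 1);       /* one extra byte for the guard */
    if (!file) return -1;
    size_t len = build_crafted(file);
    file[len] = GUARD_BYTE;                             /* the byte the off-by-one reaches */
    if (pcx_validate_header(file, len, &info) == 0) {  /* header is well formed: passes */
        size_t line = (size_t)info.bytes_per_line * info.nplanes;
        const uint8_t *rle = file + PCX_HDR_LEN;
        size_t rle_len = len - PCX_HDR_LEN;
        if (line <= sizeof out) {
            size_t n = rle_decode_vulnerable(rle, rle_len, out, line);
            leaked = 0;
            for (size_t i = 0; i < n; i++) if (out[i] == GUARD_BYTE) leaked = 1;
            if (fixed_rc) *fixed_rc = rle_decode_fixed(rle, rle_len, out, line);
        }
    }
    free(file);
    return leaked;
}

int main(void)
{
    long rc = 0;
    int leaked = demo_over_read(&rc);
    printf("vulnerable decoder copied the guard byte: %s\n", leaked == 1 ? "yes" : "no");
    printf("hardened decoder result: %ld (-1 = file rejected)\n", rc);
    return 0;
}
```

Note that the crafted file passes `pcx_validate_header`: its header is well formed and the defect is reached through the pixel stream, which is why header validation narrows the attack surface but only the decoder's own per-read check (`rle_decode_fixed`) removes the over-read. If you allocate exactly `len` bytes instead of `len + 1` and build with `-fsanitize=address`, AddressSanitizer reports the vulnerable decoder's value-byte read as a heap-buffer-overflow, which is the same kind of finding a fuzzer would surface against a real loader.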

References

Red Hat security notice: https://access.redhat.com/security/cve/CVE-2026-4887
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2451669
GIMP GitLab issue: https://gitlab.gnome.org/GNOME/gimp/-/issues/15960