PatchSiren cyber security CVE debrief

CVE-2026-4887 Red Hat CVE debrief

A heap buffer over-read vulnerability exists in the GIMP PCX file loader due to an off-by-one error in a bounds check. An attacker who can get a victim to open a specially crafted PCX image file can trigger out-of-bounds memory disclosure and an application crash. The file can be delivered remotely (e-mail, download, shared storage), but the CVSS attack vector is Local because the victim must open it in GIMP on their own machine. The vulnerability affects GIMP versions prior to 3.2.0, including release candidates 3.2.0-rc1, -rc2, and -rc3. The issue was published on March 26, 2026, with the CVE record modified on May 20, 2026. Red Hat has issued multiple security advisories addressing this vulnerability across Enterprise Linux distributions. The GNOME GitLab issue tracker entry is tagged 'Exploit' and contains additional technical details.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 8
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-26
Original CVE updated
2026-05-20
Advisory published
2026-03-26
Advisory updated
2026-05-20

Who should care

Organizations and individuals using GIMP for image editing, particularly those processing PCX files from untrusted sources. System administrators managing Red Hat Enterprise Linux deployments with GIMP installations. Security teams monitoring image parsing vulnerabilities in desktop applications.

Technical summary

The vulnerability resides in GIMP's PCX (PiCture eXchange) file format loader. An off-by-one error in a bounds check (CWE-193) lets the loader read one byte past the end of a heap buffer when processing a malformed PCX image file. The flaw is triggered when a user opens a malicious PCX file; the over-read discloses whatever bytes sit after the buffer on the heap and, depending on what lies there, crashes the application. The CVSS attack vector is Local and user interaction is required, because the victim must open the crafted file. Confidentiality impact is low (a small, attacker-influenced but not attacker-chosen slice of heap memory), integrity impact is none (an over-read writes nothing), and availability impact is high (application crash / denial of service).
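To make the bug class concrete, here is an added, illustrative PCX run-length decoder written for this debrief. It is not GIMP's loader, and the exact location of GIMP's off-by-one is not given on this page; the function and variable names are assumptions of the example. PCX RLE encodes a run as a marker byte (top two bits set, low six bits the repeat count) followed by the pixel value to repeat. The decoder reads that second byte under the off-by-one check `pos > in_len` beside the corrected `pos >= in_len`, and feeds both variants a constructed two-byte row that ends in the middle of a run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for one decoded row. */
enum { PCX_OK = 0, PCX_ERR_TRUNCATED = -1 };

/*
 * Decode a PCX RLE byte stream into `out`. A byte whose top two bits are
 * set (0xC0) is a run marker carrying a 6-bit repeat count, and the NEXT
 * byte is the pixel value to repeat; any other byte is a literal pixel.
 *
 * The first byte of each unit is read under a correct check (the loop
 * condition). The second byte of a run is read under a check selected by
 * `hardened`:
 *   hardened == 0:  pos >  in_len   (off-by-one, CWE-193: lets pos == in_len
 *                                    through, so in[pos] is one past the end)
 *   hardened == 1:  pos >= in_len   (correct)
 *
 * `max_index_read` receives the highest input index the decoder touched,
 * which is how the demo below observes the over-read without depending on
 * what undefined behaviour happens to do.
 */
int pcx_rle_decode(const uint8_t *in, size_t in_len,
                   uint8_t *out, size_t out_len,
                   int hardened, size_t *max_index_read)
{
    size_t pos = 0, written = 0, max_idx = 0;

    while (written < out_len && pos < in_len) {
        uint8_t b = in[pos];
        if (pos > max_idx) max_idx = pos;
        pos++;

        size_t count = 1;
        uint8_t value = b;
        if ((b & 0xC0) == 0xC0) {
            count = b & 0x3F;
            int truncated = hardened ? (pos >= in_len) : (pos > in_len);
            if (truncated) {
                *max_index_read = max_idx;
                return PCX_ERR_TRUNCATED;
            }
            if (pos > max_idx) max_idx = pos;
            value = in[pos++];   /* over-read here when !hardened and pos == in_len */
        }
        if (count > out_len - written)   /* clamp the run to the row */
            count = out_len - written;
        memset(out + written, value, count);
        written += count;
    }
    *max_index_read = max_idx;
    return PCX_OK;
}

/*
 * Constructed malformed row (not taken from a real file): a literal pixel
 * followed by a run marker (count 3) with no value byte after it, i.e. the
 * data ends mid-run. It is copied into a heap allocation one byte larger
 * than the declared length so the off-by-one read lands on a canary that
 * stands in for whatever the allocator placed after the real file data.
 */
static const uint8_t MALFORMED_ROW[] = { 0x05, 0xC3 };

static size_t run_demo(int hardened, int *status)
{
    const size_t in_len = sizeof MALFORMED_ROW;
    uint8_t *heap_in = malloc(in_len + 1);
    if (!heap_in) { *status = PCX_ERR_TRUNCATED; return 0; }
    memcpy(heap_in, MALFORMED_ROW, in_len);
    heap_in[in_len] = 0xAA;   /* canary: "adjacent heap data" */

    uint8_t out[8] = {0};
    size_t max_idx = 0;
    *status = pcx_rle_decode(heap_in, in_len, out, sizeof out, hardened, &max_idx);
    free(heap_in);
    return max_idx;
}

/* Highest input index read by the chosen variant on the malformed row. */
size_t demo_max_index(int hardened) { int s; return run_demo(hardened, &s); }

/* Status returned by the chosen variant on the malformed row. */
int demo_status(int hardened) { int s; run_demo(hardened, &s); return s; }

int main(void)
{
    printf("off-by-one check: status %d, highest index read %zu (input length %zu)\n",
           demo_status(0), demo_max_index(0), sizeof MALFORMED_ROW);
    printf("hardened check:   status %d, highest index read %zu\n",
           demo_status(1), demo_max_index(1));
    return 0;
}
```

The off-by-one variant "succeeds" and copies the canary byte into the decoded row, which is exactly how an over-read turns into disclosure: the bytes past the buffer become pixel data the attacker can read back. If you size the allocation to exactly `in_len` instead of `in_len + 1` and build with `-fsanitize=address`, the same input produces a heap-buffer-overflow read report, which is what a fuzzer would have seen.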

Defensive priority

medium

Recommended defensive actions

  • Apply the Red Hat errata (RHSA-2026:16484, RHSA-2026:17533, RHSA-2026:19362) to affected Enterprise Linux systems
  • On other platforms, upgrade GIMP to version 3.2.0 or later; the 3.2.0 release candidates (rc1 through rc3) are still affected
  • Implement user awareness training so that image files from unknown sources are not opened in GIMP, PCX files in particular
  • Run GIMP in a sandbox or container when it must handle untrusted files, so that disclosed heap memory and a crash stay confined to that process
  • Monitor the GNOME GitLab issue tracker for upstream fix details and additional technical information

Evidence notes

CVE description confirms heap buffer over-read in PCX loader. CPE criteria specify affected versions: all GIMP versions before 3.2.0, plus 3.2.0-rc1 through -rc3. CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H yields score 6.1 (MEDIUM). CWE-193 (Off-by-one Error) identified as root cause. Red Hat errata RHSA-2026:16484, RHSA-2026:17533, RHSA-2026:19362 provide patch availability. GNOME GitLab issue #15960 tagged with 'Exploit' per source metadata.

Official resources

2026-03-26