Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-4887

Опубликовано: 26 мар. 2026
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

Отчет

Moderate: This flaw in GIMP's PCX file loader is due to a heap buffer over-read. Exploitation requires user interaction, specifically opening a specially crafted PCX image file. Red Hat Enterprise Linux systems are affected if GIMP is installed and used to open untrusted PCX files.

Меры по смягчению последствий

Users should avoid opening untrusted PCX image files with GIMP. If GIMP is not required, consider removing the gimp package to eliminate this attack vector.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6gimpOut of support scope
Red Hat Enterprise Linux 7gimpFix deferred
Red Hat Enterprise Linux 8gimp:2.8/gimpFix deferred
Red Hat Enterprise Linux 9gimpFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-193
https://bugzilla.redhat.com/show_bug.cgi?id=2451669gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image

EPSS

Процентиль: 25%
0.00087
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-4887

CVSS3: 6.1
ubuntu
13 дней назад

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

nvd логотип

CVE-2026-4887

CVSS3: 6.1
nvd
13 дней назад

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

debian логотип

CVE-2026-4887

CVSS3: 6.1
debian
13 дней назад

A flaw was found in GIMP. This issue is a heap buffer over-read in GIM ...

github логотип

GHSA-wmqx-rmqw-vxp8

CVSS3: 6.1
github
13 дней назад

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

EPSS

Процентиль: 25%
0.00087
Низкий

6.1 Medium

CVSS3