7.1
CVE-2026-4887
- EPSS 0.03%
- Published 26.03.2026 12:08:47
- Last modified 14.05.2026 13:16:21
- Source secalert@redhat.com
Gimp: gimp: memory disclosure and denial of service via specially crafted PCX image
A flaw was found in GIMP. This issue is a heap buffer over-read in the GIMP PCX file loader, caused by an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Data provided by the National Vulnerability Database (NVD)
Gimp ≫ Gimp Version < 3.2.0
Redhat ≫ Enterprise Linux Version 6.0
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 8.0
Redhat ≫ Enterprise Linux Version 9.0
Gimp ≫ Gimp Version 3.2.0 Update rc1
Redhat ≫ Enterprise Linux Version 6.0
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 8.0
Redhat ≫ Enterprise Linux Version 9.0
Gimp ≫ Gimp Version 3.2.0 Update rc2
Redhat ≫ Enterprise Linux Version 6.0
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 8.0
Redhat ≫ Enterprise Linux Version 9.0
Gimp ≫ Gimp Version 3.2.0 Update rc3
Redhat ≫ Enterprise Linux Version 6.0
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 8.0
Redhat ≫ Enterprise Linux Version 9.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.097 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| secalert@redhat.com | 6.1 | 1.8 | 4.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
CWE-193 Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.