CVE-2026-4887

high

Published 2026-05-12 · Modified 2026-05-14

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.1

Description

Important: gimp security update

Predictions

Exploit likelihood

70%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image Red Hat statement Moderate: This flaw in GIMP's PCX file loader is due to a heap buffer over-read. Exploitation requires user interaction, specifically opening a specially crafted PCX image file. Red Hat Enterprise Linux systems are affected if GIMP is installed and used to open untrusted PCX files.…

Description

gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image

Red Hat statement

Moderate: This flaw in GIMP's PCX file loader is due to a heap buffer over-read. Exploitation requires user interaction, specifically opening a specially crafted PCX image file. Red Hat Enterprise Linux systems are affected if GIMP is installed and used to open untrusted PCX files.

CVSS v3: 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`gimp:2.8-8100020260512115927.4c9c024f`	RHSA-2026:17533	2026-05-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`gimp:2.8-8040020260520140422.70584597`	RHSA-2026:20552	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	`gimp:2.8-8040020260520140422.70584597`	RHSA-2026:20552	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`gimp:2.8-8060020260520140100.6af1eaf0`	RHSA-2026:20553	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	`gimp:2.8-8060020260520140100.6af1eaf0`	RHSA-2026:20553	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	`gimp:2.8-8060020260520140100.6af1eaf0`	RHSA-2026:20553	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	`gimp:2.8-8080020260520102644.0621e4ee`	RHSA-2026:20554	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	`gimp:2.8-8080020260520102644.0621e4ee`	RHSA-2026:20554	2026-05-26T00:00:00Z
Red Hat Enterprise Linux 9	`gimp-2:3.0.4-1.el9_7.5`	RHSA-2026:16484	2026-05-12T00:00:00Z
Red Hat Enterprise Linux 9	`gimp-2:3.0.4-4.el9_8.4`	RHSA-2026:19362	2026-05-19T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	`gimp-2:2.99.8-3.el9_0.6`	RHSA-2026:20691	2026-05-26T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`gimp`	Out of support scope
Red Hat Enterprise Linux 7	`gimp`	Affected

Apply commands

bash fix

Apply RHSA-2026:17533 for Red Hat Enterprise Linux 8

yum update -y gimp:2
# or:
dnf upgrade -y gimp:2

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 7	`Affected`

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
debian	bookworm	affected
debian	bullseye	affected
debian	forky	fixed	`3.2.0-1`
debian	sid	fixed	`3.2.0-1`
debian	trixie	affected
sles		affected
rhel	6.0	not-affected
rhel	7.0	not-affected
rhel	8.0	not-affected
rhel	9.0	not-affected
almalinux	9	fixed	`gimp-libs-3.0.4-1.el9_7.5.aarch64.rpm`

Application impact

Vendor	Product	Versions	Fixed
gimp	gimp	`{"endExcluding":"3.2.0"}`	`3.2.0`
gimp	gimp	`3.2.0`

References

CWEs

CWE-193

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.