What is GHSA-wmqx-rmqw-vxp8?

GHSA-wmqx-rmqw-vxp8 is a security advisory published by GitHub Security Advisories with Medium severity. A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an...

Which CVE IDs does GHSA-wmqx-rmqw-vxp8 cover?

GHSA-wmqx-rmqw-vxp8 covers the following CVE IDs: CVE-2026-4887. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-wmqx-rmqw-vxp8?

GHSA-wmqx-rmqw-vxp8 has a CVSS v3 base score of 6.1, published by GitHub Security Advisories.

GHSA-wmqx-rmqw-vxp8MediumCVSS 6.1

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an...

Vendor

GitHub Security Advisories

Published

March 26, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-4887 →

📋 Description

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-4887
https://access.redhat.com/security/cve/CVE-2026-4887
https://bugzilla.redhat.com/show_bug.cgi?id=2451669
https://gitlab.gnome.org/GNOME/gimp/-/issues/15960
https://access.redhat.com/errata/RHSA-2026:16484
https://access.redhat.com/errata/RHSA-2026:17533
https://access.redhat.com/errata/RHSA-2026:19362
https://github.com/advisories/GHSA-wmqx-rmqw-vxp8