CVE-2026-4887: Off-by-one Error in Red Hat Red Hat Enterprise Linux 6
CVE-2026-4887 is a medium severity vulnerability in the GIMP image editor included in Red Hat Enterprise Linux 6. It arises from an off-by-one error in the PCX file loader, causing a heap buffer over-read. An attacker can exploit this by tricking a user into opening a maliciously crafted PCX image file. Successful exploitation may disclose out-of-bounds memory contents and cause the application to crash, resulting in denial of service. The vulnerability requires local access with user interaction and does not require privileges. There are no known exploits in the wild currently. The CVSS score is 6.1, reflecting limited confidentiality impact but high availability impact. Organizations running RHEL 6 with GIMP installed should apply patches or mitigate exposure to untrusted PCX files to prevent exploitation.
AI Analysis
Technical Summary
CVE-2026-4887 is a vulnerability identified in the GIMP image manipulation program bundled with Red Hat Enterprise Linux 6. The flaw is an off-by-one error in the PCX file loader component, which leads to a heap buffer over-read when processing specially crafted PCX image files. This memory over-read can cause the application to disclose memory contents beyond the intended buffer boundaries, potentially leaking sensitive information from the process memory space. Additionally, the out-of-bounds read can trigger application instability and crashes, resulting in denial of service conditions. Exploitation requires a local user to open a malicious PCX file, thus user interaction is necessary, and no elevated privileges are required. The vulnerability is scored 6.1 on the CVSS v3.1 scale, with attack vector local, low attack complexity, no privileges required, user interaction required, and impacts limited to confidentiality (low) and availability (high). No known exploits have been reported in the wild, and no patches or mitigations are explicitly linked in the provided data. The issue stems from improper bounds checking in the PCX loader code, a classic off-by-one programming error that allows reading memory just beyond the allocated buffer.
Potential Impact
The primary impact of CVE-2026-4887 is denial of service due to application crashes when opening malicious PCX files in GIMP on RHEL 6 systems. This can disrupt workflows for users relying on GIMP for image editing. The secondary impact is limited information disclosure from out-of-bounds memory reads, which could potentially leak sensitive data from the application's memory space, though the extent and sensitivity of such data are uncertain. Since exploitation requires user interaction and local access, remote exploitation is not feasible without social engineering. Organizations with RHEL 6 systems used in environments where users handle untrusted image files are at risk. The vulnerability does not affect system integrity or allow privilege escalation, limiting its severity. However, denial of service in critical environments could cause operational disruptions. Given RHEL 6's age, many organizations may have migrated away, but legacy systems remain vulnerable if GIMP is installed and used.
Mitigation Recommendations
To mitigate CVE-2026-4887, organizations should first apply any available patches or updates from Red Hat that address the GIMP PCX loader vulnerability. If patches are not yet available, consider disabling or uninstalling GIMP on RHEL 6 systems where it is not essential. Restrict user ability to open untrusted or unsolicited PCX image files, especially from external sources or email attachments, through user training and endpoint security controls. Implement application whitelisting or sandboxing to limit the impact of potential crashes. Monitor systems for abnormal GIMP crashes or suspicious activity related to image file handling. For environments requiring GIMP, consider upgrading to a supported OS version with updated GIMP packages. Additionally, review and harden local user permissions to minimize risk from local exploitation. Network-level controls can help prevent delivery of malicious PCX files, but user interaction remains a key factor.
Affected Countries
United States, Germany, India, China, United Kingdom, Japan, France, Canada, Australia, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2026-03-26T11:33:19.455Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c531a1f4197a8e3bc7ddac
Added to database: 3/26/2026, 1:16:17 PM
Last enriched: 3/26/2026, 1:31:11 PM
Last updated: 3/26/2026, 3:38:03 PM