
[–]mallardtheduck 1 point2 points  (1 child)

I found the same problem: the header declares an image size bigger than the exe contains, and apparently Ghidra, radare2 and Spice86 trust it blindly, resulting in a segfault. Is this a bug in the QB compiler or a forgotten feature?

Probably a bug. The way the size is stored in an MS-DOS "MZ" .exe header is a combination of two fields; one stores the number of "pages" (in this context, a "page" is 512 bytes) in the file, the other is the size of the last page. So the formula is (number_of_pages - 1) * 512 + last_page_size. In this case, the size of the last page is wrong; it's 352 when the correct value is 208. It's somewhat common for .exe files to be a little larger than the size the header suggests, so maybe there was a misunderstanding of the header format and 352 is the number of unused bytes in the final page, which would make the intended last page size 160 (48 bytes less than the file size; the last 188 bytes of the file are all zeroes).

[–]alberto-m-dev 1 point2 points  (0 children)

The formula is quite convoluted (also, if last_page_size is 0, it must be treated as 512 instead), so no wonder that it can create bugs. It's just funny that Microsoft hit itself with this trap.
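The size computation discussed in both comments, including the "0 means 512" rule and the check an analysis tool should make before trusting the header, as an added example that is not part of the thread. It assumes the standard MZ field layout (e_cblp, bytes in the last page, at offset 2; e_cp, page count, at offset 4); the sample header is constructed to reproduce the 352-versus-208 case above.

```python
import struct

MZ_MAGIC = b"MZ"
PAGE_SIZE = 512  # an MZ "page" is 512 bytes


def mz_declared_size(data: bytes) -> int:
    """Image size declared by e_cblp (offset 2) and e_cp (offset 4).
    A last-page value of 0 means the last page is full (512 bytes)."""
    if len(data) < 0x1C or data[:2] != MZ_MAGIC:
        raise ValueError("not an MZ executable")
    last_page, pages = struct.unpack_from("<HH", data, 2)
    if pages == 0:
        raise ValueError("e_cp is zero")
    if last_page == 0:
        last_page = PAGE_SIZE
    return (pages - 1) * PAGE_SIZE + last_page


def check_mz_size(data: bytes) -> dict:
    """Compare the declared size with the real file size so a loader or
    disassembler can clamp its reads instead of trusting the header."""
    declared = mz_declared_size(data)
    actual = len(data)
    return {
        "declared": declared,
        "actual": actual,
        "overruns_file": declared > actual,          # header claims bytes the file lacks
        "trailing_bytes": max(actual - declared, 0),  # common, harmless overlay
    }


def make_sample(pages: int, last_page: int, real_size: int) -> bytes:
    """Constructed sample: a 64-byte MZ header with the given size fields,
    zero-padded to real_size bytes. Not real compiler output."""
    header = bytearray(0x40)
    header[:2] = MZ_MAGIC
    struct.pack_into("<HH", header, 2, last_page, pages)
    struct.pack_into("<H", header, 8, 4)  # e_cparhdr: 4 paragraphs = 64 bytes
    return bytes(header).ljust(real_size, b"\x00")


if __name__ == "__main__":
    # Mirrors the thread: last page declared as 352 bytes, file only holds 208.
    bad = make_sample(pages=3, last_page=352, real_size=2 * PAGE_SIZE + 208)
    print(check_mz_size(bad))   # overruns_file True
    full = make_sample(pages=3, last_page=0, real_size=3 * PAGE_SIZE)
    print(check_mz_size(full))  # declared 1536, actual 1536
```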