CVE-2026-4367
5.5 MEDIUM
A flaw was found in libXpm
Published: 2026-06-16 · Last updated: 2026-06-16
Severity and scoring
- CVSS: 5.5 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-125
Description
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-4367
- [Other] https://access.redhat.com/security/cve/CVE-2026-4367
- [Other] https://bugzilla.redhat.com/show_bug.cgi?id=2448984
- [Other] https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd
- [Other] https://seclists.org/oss-sec/2026/q2/192
- [Other] http://www.openwall.com/lists/oss-security/2026/04/21/3
Related CVEs
Same CWE
- CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
- CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
- CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
- CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)
- CVE-2026-12314 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)