CVE-2026-4367
Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
16 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesReferencias
https://access.redhat.com/errata/RHSA-2026:30354https://access.redhat.com/security/cve/CVE-2026-4367https://bugzilla.redhat.com/show_bug.cgi?id=2448984https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bdhttps://seclists.org/oss-sec/2026/q2/192http://www.openwall.com/lists/oss-security/2026/04/21/3