CVE-2026-4367
Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
16 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesReferências
https://access.redhat.com/errata/RHSA-2026:30354https://access.redhat.com/security/cve/CVE-2026-4367https://bugzilla.redhat.com/show_bug.cgi?id=2448984https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bdhttps://seclists.org/oss-sec/2026/q2/192http://www.openwall.com/lists/oss-security/2026/04/21/3