CVE-2026-4367
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord() function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images | 3.5.17-7.2.hum1 < * | unaffected |
Weaknesses
- CWE-125: Out-of-bounds Read
Workarounds
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:30354
- https://access.redhat.com/security/cve/CVE-2026-4367
- https://bugzilla.redhat.com/show_bug.cgi?id=2448984
- https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd
- https://seclists.org/oss-sec/2026/q2/192
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.