Skip to main content

libXpm CVE-2026-4367

| EUVDEUVD-2026-37136 MEDIUM
Out-of-bounds Read (CWE-125)
5.5
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.1 MEDIUM

Local vector and low privileges required; C:L added over official C:N because CWE-125 OOB reads and the 'Information Disclosure' tag indicate potential memory exposure.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
6.3 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 16, 2026 - 19:27 vuln.today
CVSS changed
Jun 16, 2026 - 19:22 NVD
5.5 (MEDIUM)
CVE Published
Apr 24, 2026 - 12:21 nvd
N/A

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Out-of-bounds read in libXpm's xpmNextWord() parser function can be triggered by a local attacker with low privileges, crashing any X11 application that processes a maliciously crafted XPM image file, resulting in a denial of service. The vulnerability was disclosed via the oss-security mailing list on 2026-04-21 by X.Org and is tracked under CWE-125. No public exploit code or CISA KEV listing has been identified at time of analysis, and the EPSS score was not provided in available intelligence.

Technical ContextAI

libXpm (X PixMap) is the reference library for parsing the XPM image format used throughout X11/X.Org graphical environments on Linux and BSD systems. The xpmNextWord() function is responsible for tokenizing XPM file content during parsing. CWE-125 (Out-of-Bounds Read) indicates that the function reads memory beyond the allocated buffer boundary when processing malformed or attacker-controlled XPM input, which can cause a segmentation fault or application crash. The 'Buffer Overflow' and 'Information Disclosure' tags in the intelligence data suggest the out-of-bounds read may also expose adjacent heap or stack memory contents, a common secondary risk with CWE-125 class vulnerabilities. The upstream fix is referenced by GitLab commit 5448e1bd in the freedesktop.org libXpm repository.

Affected ProductsAI

The vulnerability affects the libXpm library maintained by X.Org/freedesktop.org. Based on the oss-security disclosure dated 2026-04-21 and Red Hat's CVE tracking page at https://access.redhat.com/security/cve/CVE-2026-4367, distributions shipping unpatched versions of libXpm prior to the upstream fix (commit 5448e1bd) are affected. Red Hat's Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2448984 is the canonical downstream tracking reference. Exact affected version boundaries are not independently confirmed from the available data - the upstream fix commit should be used to determine the first safe revision. Any Linux or BSD system with an X11 graphical stack running libXpm is potentially in scope.

RemediationAI

The primary remediation is to apply the upstream fix available at the GitLab commit https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd. A specific released and tagged version of libXpm incorporating this fix was not independently confirmed from available data - users should verify with their distribution's security advisories (Red Hat: https://access.redhat.com/security/cve/CVE-2026-4367; Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2448984). Until a patched package is available from the OS vendor, a practical compensating control is to restrict which users and processes can supply arbitrary XPM files to applications - for example, configuring mandatory access control policies (SELinux/AppArmor) to confine image-processing applications and preventing untrusted users from providing input files to setuid or privileged processes. Disabling or blocking loading of user-supplied XPM files in affected applications is the most targeted mitigation where operationally feasible.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.0 Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected

Share

CVE-2026-4367 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy