CVE-2026-4367

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a specially crafted or very small XPM X PixMap image file. This improper validation of file boundaries can cause an internal pointer to read...

MGASA-2026-0186 Updated libxpm packages fix security vulnerability

libXpm Out-of-bounds read in xpmNextWord. CVE-2026-4367...

Astra Linux - уязвимость в libxpm

A vulnerability was discovered in libXpm, where a boundary condition allows a local user to trigger an out-of-bounds read error, thereby reading contents of memory on the system...

Astra Linux - уязвимость в libxpm

A flaw was discovered in libXpm. When processing files with the .Z or .gz extensions, the library calls external programs to compress and uncompress files. This process relies on the PATH environment variable to locate these programs. This vulnerability could allow a malicious user to execute oth...

Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2026-1656)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1656 advisory. As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...

Medium: libXpm

Issue Overview: As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Affected Packages: libXpm Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

Amazon Linux 2 : libXpm, --advisory ALAS2-2026-3291 (ALAS-2026-3291)

The version of libXpm installed on the remote host is prior to 3.5.12-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3291 advisory. As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Tenable has extracted the preceding description...

libXpm vulnerable to out-of-bounds read

Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

Astra Linux – Vulnerability in libxpm

A flaw was discovered in libXpm. When processing a file with a width of 0 and a very large height, some parser functions will be called repeatedly, which can lead to an infinite loop. This, in turn, can cause a Denial of Service in the application that uses the library...

Astra Linux – Vulnerability in libxpm

A flaw was discovered in libXpm. This issue occurs when parsing a file with a comment that is not closed properly; the “end-of-file” condition will not be detected, leading to an infinite loop and causing a Denial of Service in the application that uses the library...

JLSEC-2026-285

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

JLSEC-2026-287

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system...

JLSEC-2026-283

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...

libXpm-devel-3.5.18-2.1 on GA media (moderate)

libXpm-devel-3.5.18-2.1 on GA media Announcement ID: openSUSE-SU-2026:10608-1 Rating: moderate Cross-References: CVE-2026-4367 CVSS scores: CVE-2026-4367 SUSE : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-4367 SUSE : 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:...

OPENSUSE-SU-2026:10608-1 libXpm-devel-3.5.18-2.1 on GA media

These are all security issues fixed in the libXpm-devel-3.5.18-2.1 package on the GA media of openSUSE Tumbleweed...

[slackware-security] libXpm

New libXpm packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libXpm-3.5.19-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Out-of-bounds read in xpmNextWord. For more...

Slackware Linux 15.0 / current libXpm Vulnerability (SSA:2026-111-01)

The version of libXpm installed on the remote host is prior to 3.5.19. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-111-01 advisory. New libXpm packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

X.Org libXpm 安全漏洞

X.Org libXpm is a graphics processing library developed by the X.Org Foundation. X.Org libXpm has a security vulnerability that stems from the xpmNextWord function’s ability to read memory segments, which may lead to the extraction of sensitive information...

Linux Distros Unpatched Vulnerability : CVE-2026-4367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a...

CVE-2026-4367

libXpm Out-of-bounds read in xpmNextWord...