29 matches found
CVE-2026-4367
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read...
OESA-2026-2671 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow
A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...
CLSA-2026-1778861508 gimp: Fix of 2 CVEs
CVE-2026-4153: fix heap-based buffer overflow in PSP file parser by computing proper linewidth for bit depths 1 and 4 with small widths - CVE-2026-4154: fix integer overflow and buffer overflow in XPM file parser by adding GIMP_MAX_IMAGE_SIZE bounds checks and using g_try_new...
JLSEC-2026-284
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library...
SUSE-SU-2026:1193-1 Security update for gimp
This update for gimp fixes the following issues: - CVE-2026-4150: PSD File Parsing Integer Overflow Remote Code Execution Vulnerability bsc1259979. - CVE-2026-4153: PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability bsc1259984. - CVE-2026-4154: XPM File Parsing Intege...
CLSA-2026-1773999754 Fix CVE(s): CVE-2026-25898
SECURITY UPDATE: global buffer overflow read via negative pixel index in UIL and XPM image encoders - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. -...
UBUNTU-CVE-2025-32807
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon parameter of a GET request to geticon.php...
libXpm: Multiple Vulnerabilities
Background The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications. Description Multiple vulnerabilities have been discovered in libXpm. Please review the CVE identifiers referenced below for...
[SECURITY] [DLA 3603-1] libxpm security update
Debian LTS Advisory DLA-3603-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 05, 2023 https://wiki.debian.org/LTS...
[SECURITY] [DLA 3459-1] libxpm security update
Debian LTS Advisory DLA-3459-1 https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2023 https://wiki.debian.org/LTS...
SUSE CVE-2004-0687
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file...
SUSE CVE-2004-0783
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...
CentOS: Security Advisory for libXpm (CESA-2023:0377)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
The vulnerability of the ParsePixels() function in the library for working with XPixmap (XPM) libXpm allows an attacker to cause a service failure.
The vulnerability of the ParsePixels function in the library for working with XPixmap (XPM) files, libXpm, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures by using a specially created XPM file with a width set to 0...
The vulnerability of the library for working with X Pixmap (XPM) files, libXpm, is related to insecure search paths, allowing attackers to execute arbitrary code with elevated privileges.
The vulnerability of the library for working with X Pixmap (XPM) files involves the use of the $PATH variable to execute commands responsible for unpacking .Z or .gz files. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...
Memory Corruption
The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm (Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable Pixel Map), and others. Two heap-based buffer overflow flaws were found in the embedde...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
The vulnerability in the gdImageCreateFromXpm function in gdxpm.c of the libgd library for PHP allows malicious actors to trigger a denial-of-service attack by using a specially crafted color table in the XPM file. This enables them to cause the application to abort by dereferencing a null pointer...