Description
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
Published: 2026-06-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read in libxpm's xpmNextWord() function allows a local user with low privileges to supply a crafted or very small XPM image file, causing the library to read past the end of the file. This improper boundary validation can lead to application crashes and Denial of Service. The weakness corresponds to CWE‑125. The impact is limited to code that uses libxpm, so an attacker can only disrupt services running on the local machine, not gain remote or elevated privileges.

Affected Systems

Red Hat Enterprise Linux 6 through 10, as well as Red Hat Hardened Images, are affected by the unpatched libxpm implementation found in these distributions. All current releases of these operating systems include the vulnerable version of libxpm until a patch is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity, and the EPSS score of less than 1% suggests low exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog, further indicating a lower threat level. The attack likely requires local, low‑privilege access to the target system, and an attacker must invoke an XPM‑processing application to trigger the crash.

Generated by OpenCVE AI on June 17, 2026 at 22:29 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Locate the Red Hat security advisory for CVE‑2026‑4367 and install any available patched packages that include an updated libxpm or a hardened Xorg stack.
  • If no patch is available, consider upgrading to a newer distribution release or a full update of the Xorg components that replaces the vulnerable libxpm library.
  • Restrict local user access to applications that load XPM files, or configure those applications to run with the least privileges needed so that a crash cannot affect critical services.

Generated by OpenCVE AI on June 17, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
References

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Libxpm Projet
Libxpm Projet libxpm
Redhat hardened Images
Vendors & Products Libxpm Projet
Libxpm Projet libxpm
Redhat hardened Images

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
Title Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Weaknesses CWE-125
CPEs cpe:/a:redhat:hummingbird:1
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Libxpm Projet Libxpm
Redhat Enterprise Linux Hardened Images Hummingbird
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-26T21:04:24.325Z

Reserved: 2026-03-18T05:07:45.997Z

Link: CVE-2026-4367

cve-icon Vulnrichment

Updated: 2026-06-16T17:47:40.165Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:59.233

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-4367

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:08Z

Weaknesses