CVE-2026-4367 PUBLISHED

Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing

Assigner: redhat
Reserved: 18.03.2026 Published: 16.06.2026 Updated: 16.06.2026

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord() function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 5.5

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Hardened Images
Versions	Default: affected

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Credits

Red Hat would like to thank Naoki Wakamatsu (JPCERT/CC Vulnerability Coordination Group) for reporting this issue.

References

Problem Types

Out-of-bounds Read CWE