CVE-2026-4367— Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Possible ATT&CK Techniques 2AI
T1203 · Exploitation for Client Execution T1499 · Endpoint Denial of ServiceAffected Version Matrix 6
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | affected |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
| Red Hat | Red Hat Hardened Images | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4367
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
X.Org libXpm 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
X.Org libXpm是X.org基金会的一个图片处理库。 X.Org libXpm存在安全漏洞,该漏洞源于xpmNextWord函数读取内存片段,可能导致获取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Hardened Images | - | cpe:/a:redhat:hummingbird:1 |
II. Public POCs for CVE-2026-4367
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4367
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-4367 (1)
Vendor Advisories for CVE-2026-4367 (1)
- 🔗 2448984 – (CVE-2026-4367) CVE-2026-4367 libXpm: libXpm: Denial of Service via out-of-bounds read in XPM file parsing Read full article issue-trackingx_refsource_REDHAT
Mailing List Discussions for CVE-2026-4367 (1)
Other References for CVE-2026-4367 (1)
Same Patch Batch · Red Hat · 2026-06-16 · 8 CVEs total
| CVE-2026-10649 | 8.6 HIGH | Pacemaker: pacemaker: denial of service via integer overflow in remote message decompressi |
| CVE-2026-12398 | 7.5 HIGH | Galaxy_ng: shell injection in legacy role import via unsanitized git ref names |
| CVE-2026-42014 | 6.6 MEDIUM | Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin |
| CVE-2026-1767 | 5.6 MEDIUM | Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading |
| CVE-2026-1766 | 5.6 MEDIUM | Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and inform |
| CVE-2026-1765 | 5.6 MEDIUM | Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potent |
| CVE-2026-1764 | 5.6 MEDIUM | Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads t |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex
Same weakness: CWE-125
- CVE-2026-49271
libheif: Wrapped icef compressed-unit range check causes out - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-48138
Out-of-bounds read vulnerability in the NI grpc-device strea - CVE-2025-15661
libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c - CVE-2026-56099
OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPL
V. Comments for CVE-2026-4367
No comments yet