CVE-2026-4367

Sažetak

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.

Reference

https://access.redhat.com/security/cve/CVE-2026-4367
https://bugzilla.redhat.com/show_bug.cgi?id=2448984
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd
https://seclists.org/oss-sec/2026/q2/192
http://www.openwall.com/lists/oss-security/2026/04/21/3

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

16-06-2026 - 20:42

Objavljeno

16-06-2026 - 19:16