ALPINE-CVE-2026-4367

Source
https://security.alpinelinux.org/vuln/CVE-2026-4367
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4367.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-4367
Upstream
  • CVE-2026-4367
Published
2026-06-16T19:16:59.233Z
Modified
2026-06-17T17:30:06.181286092Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord() function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.

References

Affected packages

Alpine:v3.20 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.19-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4367.json"

Alpine:v3.21 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.19-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4367.json"

Alpine:v3.22 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.19-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4367.json"

Alpine:v3.23 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.19-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4367.json"

Alpine:v3.24 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.5.19-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-4367.json"