OESA-2026-2151
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2151
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2151.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2151
- Upstream
- Published
- 2026-05-03T09:56:15Z
- Modified
- 2026-05-03T10:19:23.712634Z
- Summary
- libXpm security update
- Details
-
X.Org X11 libXpm runtime library
Security Fix(es):
A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic.CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.This is going to have an impact on confidentiality.Upgrading to version 3.5.19 eliminates this vulnerability. Applying the patch 5448e1bd is able to eliminate this problem. The bugfix is ready for download at gitlab.freedesktop.org. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2026-4367)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4
libXpm
Package
- Name
- libXpm
- Purl
- pkg:rpm/openEuler/libXpm&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.13-4.oe2003sp4
Ecosystem specific
{
"src": [
"libXpm-3.5.13-4.oe2003sp4.src.rpm"
],
"aarch64": [
"libXpm-3.5.13-4.oe2003sp4.aarch64.rpm",
"libXpm-debuginfo-3.5.13-4.oe2003sp4.aarch64.rpm",
"libXpm-debugsource-3.5.13-4.oe2003sp4.aarch64.rpm",
"libXpm-devel-3.5.13-4.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"libXpm-3.5.13-4.oe2003sp4.x86_64.rpm",
"libXpm-debuginfo-3.5.13-4.oe2003sp4.x86_64.rpm",
"libXpm-debugsource-3.5.13-4.oe2003sp4.x86_64.rpm",
"libXpm-devel-3.5.13-4.oe2003sp4.x86_64.rpm"
],
"noarch": [
"libXpm-help-3.5.13-4.oe2003sp4.noarch.rpm"
]
}openEuler:22.03-LTS-SP4
libXpm
Package
- Name
- libXpm
- Purl
- pkg:rpm/openEuler/libXpm&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.13-6.oe2203sp4
Ecosystem specific
{
"src": [
"libXpm-3.5.13-6.oe2203sp4.src.rpm"
],
"aarch64": [
"libXpm-3.5.13-6.oe2203sp4.aarch64.rpm",
"libXpm-debuginfo-3.5.13-6.oe2203sp4.aarch64.rpm",
"libXpm-debugsource-3.5.13-6.oe2203sp4.aarch64.rpm",
"libXpm-devel-3.5.13-6.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"libXpm-3.5.13-6.oe2203sp4.x86_64.rpm",
"libXpm-debuginfo-3.5.13-6.oe2203sp4.x86_64.rpm",
"libXpm-debugsource-3.5.13-6.oe2203sp4.x86_64.rpm",
"libXpm-devel-3.5.13-6.oe2203sp4.x86_64.rpm"
],
"noarch": [
"libXpm-help-3.5.13-6.oe2203sp4.noarch.rpm"
]
}openEuler:24.03-LTS
libXpm
Package
- Name
- libXpm
- Purl
- pkg:rpm/openEuler/libXpm&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.17-2.oe2403sp3
Ecosystem specific
{
"src": [
"libXpm-3.5.17-2.oe2403.src.rpm",
"libXpm-3.5.17-2.oe2403sp1.src.rpm",
"libXpm-3.5.17-2.oe2403sp3.src.rpm"
],
"aarch64": [
"libXpm-3.5.17-2.oe2403.aarch64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403.aarch64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403.aarch64.rpm",
"libXpm-devel-3.5.17-2.oe2403.aarch64.rpm",
"libXpm-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-3.5.17-2.oe2403sp3.aarch64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp3.aarch64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp3.aarch64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"libXpm-3.5.17-2.oe2403.x86_64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403.x86_64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403.x86_64.rpm",
"libXpm-devel-3.5.17-2.oe2403.x86_64.rpm",
"libXpm-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-3.5.17-2.oe2403sp3.x86_64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp3.x86_64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp3.x86_64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp3.x86_64.rpm"
],
"noarch": [
"libXpm-help-3.5.17-2.oe2403.noarch.rpm",
"libXpm-help-3.5.17-2.oe2403sp1.noarch.rpm",
"libXpm-help-3.5.17-2.oe2403sp3.noarch.rpm"
]
}openEuler:24.03-LTS-SP1
libXpm
Package
- Name
- libXpm
- Purl
- pkg:rpm/openEuler/libXpm&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.17-2.oe2403sp1
Ecosystem specific
{
"src": [
"libXpm-3.5.17-2.oe2403sp1.src.rpm"
],
"aarch64": [
"libXpm-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp1.aarch64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"libXpm-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp1.x86_64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp1.x86_64.rpm"
],
"noarch": [
"libXpm-help-3.5.17-2.oe2403sp1.noarch.rpm"
]
}openEuler:24.03-LTS-SP3
libXpm
Package
- Name
- libXpm
- Purl
- pkg:rpm/openEuler/libXpm&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.17-2.oe2403sp3
Ecosystem specific
{
"src": [
"libXpm-3.5.17-2.oe2403sp3.src.rpm"
],
"aarch64": [
"libXpm-3.5.17-2.oe2403sp3.aarch64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp3.aarch64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp3.aarch64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"libXpm-3.5.17-2.oe2403sp3.x86_64.rpm",
"libXpm-debuginfo-3.5.17-2.oe2403sp3.x86_64.rpm",
"libXpm-debugsource-3.5.17-2.oe2403sp3.x86_64.rpm",
"libXpm-devel-3.5.17-2.oe2403sp3.x86_64.rpm"
],
"noarch": [
"libXpm-help-3.5.17-2.oe2403sp3.noarch.rpm"
]
}