CVE-2026-4367 — Vulnetix

CVE-2026-4367 PUBLISHED CVSS 3.299999952316284 LOW

libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability.<a href='https://cwe.mitre.org/data/definitions/125.html' target='_blank'></a><ul><li>Out-of-bounds read (CWE-125) - CVE-2026-4367</li></ul>Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Risk Scores

CVSS v3.0

3.299999952316284

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
alpine	libxpm	0, 0, 0
X.Org Foundation	libxpm

Timeline

Apr 21, 2026 CVE Published
May 11, 2026 CVE Updated

References

https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000070.html advisory

Open in Interactive Console →