VDB
JLSEC-2026-286
JLSEC-2026-286
PUBLISHED
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | Xorg_libXpm_jll | 0, 0 |
Timeline
- Apr 28, 2026 CVE Published
- Apr 28, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
References
- https://access.redhat.com/errata/RHSA-2024:2146 url
- https://access.redhat.com/errata/RHSA-2024:2217 url
- https://access.redhat.com/errata/RHSA-2024:2974 url
- https://access.redhat.com/errata/RHSA-2024:3022 url
- https://access.redhat.com/security/cve/CVE-2023-43788 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2242248 url
- https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/ url