Nixpkgs security tracker

Untriaged

Permalink CVE-2026-4367

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 3 days, 15 hours ago Activity log

Created suggestion 3 days, 15 hours ago

Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.

References

https://access.redhat.com/security/cve/CVE-2026-4367 vdb-entryx_refsource_REDHAT
RHBZ#2448984 x_refsource_REDHATissue-tracking
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd
https://seclists.org/oss-sec/2026/q2/192
http://www.openwall.com/lists/oss-security/2026/04/21/3

Affected products

libXpm

Matching in nixpkgs

pkgs.libXpm

None

nixos-unstable 3.5.19
- nixos-unstable-small 3.5.19
nixos-26.05 -
- nixos-26.05-small 3.5.19
- nixpkgs-26.05-darwin 3.5.19

pkgs.libxpm

X Pixmap (XPM) image file format library

nixos-unstable 3.5.19
- nixpkgs-unstable 3.5.19
- nixos-unstable-small 3.5.19
nixos-26.05 -
- nixos-26.05-small 3.5.19
- nixpkgs-26.05-darwin 3.5.19

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libXpm

pkgs.libxpm