Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.x > #19339

Bug#1134690: libxpm: CVE-2026-4367

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.bugs.dist, linux.debian.maint.x
Subject Bug#1134690: libxpm: CVE-2026-4367
Date 2026-04-23 09:50 +0200
Message-ID <MMWYV-hkG3-3@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Cross-posted to 2 groups.

Show all headers | View raw

Source: libxpm
Version: 1:3.5.17-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/31
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libxpm.

CVE-2026-4367[0]:
| Out-of-bounds read in xpmNextWord()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-4367
    https://www.cve.org/CVERecord?id=CVE-2026-4367
[1] https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/31

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Back to linux.debian.maint.x | Previous | Next | Find similar

Thread

Bug#1134690: libxpm: CVE-2026-4367 Salvatore Bonaccorso <carnil@debian.org> - 2026-04-23 09:50 +0200

csiph-web