FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libXpm -- Out-of-bounds read in xpmNextWord()

Affected packages
libXpm < 3.5.19

Details

VuXML ID dea605e6-41c9-11f1-8455-901b0e13f1a0
Discovery 2026-04-21
Entry 2026-04-27

The X.Org project reports:

libXpm uses a number of internal helper functions to parse the XPM file format. One of these internal functions, xpmNextString(), checks for the NULL terminator when looking for the end of the current string but not when looking for the beginning of the next string. A small XPM file with a malformed color table definition may cause the function xpmNextWord(), called from xpmParseColors() following a call to xpmNextString(), to start past the actual end of the file, causing an out-of-bound read.
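The scanning pattern described in the report above, as an added example: a simplified model written for this page, not libXpm's source. The function names, the sample buffers and the "stale" bytes placed after the terminator are constructed assumptions; the stale bytes stay inside the array so the unchecked scan can be run without a real out-of-bounds access.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: the logical data ends at the embedded NUL (offset 9).
 * The bytes after it model unrelated adjacent memory. */
static const char SAMPLE[] = "\"1 1 1 1\"\0 stale \"bytes";
/* Constructed well-formed input with a second string present. */
static const char SAMPLE_OK[] = "\"ab\",\n\"cd\"";

/* Phase 1, shared: advance to the end of the current string.
 * This loop does stop at the NUL terminator. */
static const char *skip_current(const char *p)
{
    while (*p && *p != '"')
        p++;
    return p;
}

/* Flawed phase 2: searching for the start of the next string
 * never tests for NUL, so it walks past the end of the input. */
static const char *next_string_unchecked(const char *p)
{
    p = skip_current(p);
    if (*p == '"')
        p++;                    /* step over the closing quote */
    while (*p != '"')           /* BUG: no NUL test */
        p++;
    return p + 1;
}

/* Hardened phase 2: stop at NUL and report "no next string". */
static const char *next_string_checked(const char *p)
{
    p = skip_current(p);
    if (*p == '"')
        p++;
    while (*p && *p != '"')
        p++;
    return *p ? p + 1 : NULL;   /* callers must handle NULL before parsing a word */
}

int main(void)
{
    const char *bad = next_string_unchecked(SAMPLE + 1);
    printf("input length %zu, unchecked scan resumes at offset %td\n",
           strlen(SAMPLE), bad - SAMPLE);
    printf("checked scan: %s\n",
           next_string_checked(SAMPLE + 1) ? "next string" : "end of input");
    return 0;
}
```

On the truncated sample the unchecked variant hands back a position beyond the terminator, which is where a following word parser would begin reading; the checked variant returns NULL instead.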

References

CVE Name CVE-2026-4367
URL https://lists.x.org/archives/xorg-announce/2026-April/003690.html