What is GHSA-c2rx-36v4-qc8g?

GHSA-c2rx-36v4-qc8g is a security advisory published by GitHub Security Advisories with Medium severity. A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read...

Which CVE IDs does GHSA-c2rx-36v4-qc8g cover?

GHSA-c2rx-36v4-qc8g covers the following CVE IDs: CVE-2026-4367. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-c2rx-36v4-qc8g?

GHSA-c2rx-36v4-qc8g has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-c2rx-36v4-qc8gMediumCVSS 5.5

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read...

Vendor

GitHub Security Advisories

Published

June 16, 2026

Last Modified

June 16, 2026

🔗 CVE IDs covered (1)

CVE-2026-4367 →

📋 Description

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord() function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-4367
https://access.redhat.com/security/cve/CVE-2026-4367
https://bugzilla.redhat.com/show_bug.cgi?id=2448984
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd
https://seclists.org/oss-sec/2026/q2/192
http://www.openwall.com/lists/oss-security/2026/04/21/3
https://github.com/advisories/GHSA-c2rx-36v4-qc8g