🟡 Medium | Source: Microsoft Security Response Center
CVE-2026-4367 is a denial-of-service vulnerability in libxpm, a library used to parse XPM image files, caused by an out-of-bounds read when processing malformed input. An attacker could exploit this by supplying a crafted XPM file to any service or application that uses libxpm, causing it to crash. This is relevant to Azure environments where workloads or container images bundle libxpm as a dependency.
Security Architect’s Take: Audit your Azure workloads and container base images for any packages that include libxpm, and ensure they are updated to the patched version. Pay particular attention to Linux-based containers and VMs running graphical or image-processing workloads where libxpm may be present transitively.
Original advisory: CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing
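One way to carry out the audit recommended in the Security Architect's Take above, as an added example that is not from the advisory or from Microsoft: a read-only shell function that inventories libxpm in an unpacked root filesystem (a mounted VM disk or an extracted container image). The function names, the output format and the sample filesystem are assumptions made for illustration; the sample package versions are constructed placeholders.

```shell
#!/bin/sh
# Inventory libxpm inside an unpacked root filesystem (a VM mount, or a
# container image extracted to a directory). Read-only, works offline.
# Output: one finding per line, "<source> <name> <version-or-path>".
find_libxpm() {
    root=${1:-/}
    # Debian/Ubuntu: plain-text dpkg database, one stanza per package.
    if [ -f "$root/var/lib/dpkg/status" ]; then
        awk '
            function emit() {
                if (inst && tolower(pkg) ~ /^libxpm/) print "dpkg", pkg, ver
                pkg = ""; ver = ""; inst = 0
            }
            /^Package: / { pkg = $2 }
            /^Status: /  { inst = ($0 ~ / installed$/) }  # skip removed or half-installed
            /^Version: / { ver = $2 }
            /^$/         { emit() }
            END          { emit() }
        ' "$root/var/lib/dpkg/status"
    fi
    # Alpine: plain-text apk database, P: (name) precedes V: (version).
    if [ -f "$root/lib/apk/db/installed" ]; then
        awk '
            /^P:/ { pkg = substr($0, 3) }
            /^V:/ { if (tolower(pkg) ~ /^libxpm/) print "apk", pkg, substr($0, 3) }
        ' "$root/lib/apk/db/installed"
    fi
    # Any distro (including RPM-based, whose database is not plain text):
    # look for the shared object itself, which also catches copies bundled
    # outside the package manager.
    find "$root" -xdev \( -type f -o -type l \) -name 'libXpm.so*' 2>/dev/null |
        sed 's/^/file libXpm /'
}

# Constructed sample root filesystem for a dry run (not real image data;
# the version strings are placeholders).
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/lib/dpkg" "$d/lib/apk/db" "$d/usr/lib"
    printf '%s\n' 'Package: libxpm4' 'Status: install ok installed' \
        'Version: 0.0.0-sample1' '' 'Package: libxpm-dev' \
        'Status: deinstall ok config-files' 'Version: 0.0.0-sample1' \
        > "$d/var/lib/dpkg/status"
    printf '%s\n' 'P:libxpm' 'V:0.0.0-r0' '' 'P:musl' 'V:0.0.0-r1' \
        > "$d/lib/apk/db/installed"
    : > "$d/usr/lib/libXpm.so.4"
    echo "$d"
}
```

Run `find_libxpm /path/to/rootfs` against each extracted base image and compare the reported versions with the fixed version in your distribution's advisory for CVE-2026-4367, which this page does not state.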