xpm -- image decoding vulnerabilities

ID EF253F8B-0727-11D9-B45D-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2005-01-03T00:00:00


Chris Evans discovered several vulnerabilities in the libXpm image decoder:

- A stack-based buffer overflow in xpmParseColors
- An integer overflow in xpmParseColors
- A stack-based buffer overflow in ParsePixels and ParseAndPutPixels

The X11R6.8.1 release announcement reads:

This version is purely a security release, addressing multiple integer and stack overflows in libXpm, the X Pixmap library; all known versions of X (both XFree86 and X.Org) are affected, so all users of X are strongly encouraged to upgrade.