Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201701-72
HistoryJan 29, 2017 - 12:00 a.m.

libXpm: Remote execution of arbitrary code

2017-01-2900:00:00
Gentoo Foundation
security.gentoo.org
34

0.025 Low

EPSS

Percentile

90.2%

JSON

Background

The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications.

Description

An integer overflow was discovered in libXpm’s src/CrDatFrI.c file. On 64 bit systems, this allows an overflow to occur on 32 bit integers while parsing XPM extensions in a file.

Impact

A remote attacker, by enticing a user to process a specially crafted XPM file, could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libXpm users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXpm-3.5.12"
OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-libs/libxpm< 3.5.12UNKNOWN

Related

prion 1
nessus 17
osv 3
debian 3
fedora 1
cvelist 1
redhatcve 1
openvas 12
ibm 1
mageia 1
cloudfoundry 1
ubuntucve 1
veracode 1
cve 1
debiancve 1
alpinelinux 1
ubuntu 1
centos 1
redhat 1
oraclelinux 1
prion
prion
Integer overflow
2017-02-01 15:59:00
nessus
nessus
SUSE SLES11 Security Update : xorg-x11-libXpm (SUSE-SU-2017:0470-1)
2017-02-16 00:00:00
RHEL 5 : libxpm (Unpatched Vulnerability)
2024-05-11 00:00:00
EulerOS 2.0 SP8 : motif (EulerOS-SA-2024-1283)
2024-03-12 00:00:00
osv
osv
libxpm - security update
2017-01-26 00:00:00
CVE-2016-10164
2017-02-01 15:59:00
libxpm - security update
2017-01-26 00:00:00
debian
debian
[SECURITY] [DSA 3772-1] libxpm security update
2017-01-26 19:30:27
[SECURITY] [DSA 3772-1] libxpm security update
2017-01-26 19:30:48
[SECURITY] [DLA 801-1] libxpm security update
2017-01-26 17:24:10
fedora
fedora
[SECURITY] Fedora 24 Update: libXpm-3.5.12-1.fc24
2017-01-29 22:19:20
cvelist
cvelist
CVE-2016-10164
2017-02-01 15:00:00
redhatcve
redhatcve
CVE-2016-10164
2017-01-25 13:17:34
openvas
openvas
Debian Security Advisory DSA 3772-1 (libxpm - security update)
2017-01-26 00:00:00
Huawei EulerOS: Security Advisory for motif (EulerOS-SA-2024-1283)
2024-03-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0470-1)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in libXpm affects IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
mageia
mageia
Updated libxpm packages fix security vulnerability
2017-02-02 11:11:52
cloudfoundry
cloudfoundry
USN-3185-1: libXpm vulnerability | Cloud Foundry
2017-03-17 00:00:00
ubuntucve
ubuntucve
CVE-2016-10164
2016-12-31 00:00:00
veracode
veracode
Arbitrary Code Execution
2021-02-18 05:07:27
cve
cve
CVE-2016-10164
2017-02-01 15:59:00
debiancve
debiancve
CVE-2016-10164
2017-02-01 15:59:00
alpinelinux
alpinelinux
CVE-2016-10164
2017-02-01 15:59:00
ubuntu
ubuntu
libXpm vulnerability
2017-02-01 00:00:00
centos
centos
drm, libICE, libX11, libXaw, libXcursor, libXdmcp, libXfixes, libXfont, libXfont2, libXi, libXpm, libXrandr, libXrender, libXt, libXtst, libXv, libXvMC, libXxf86vm, libdrm, libepoxy, libevdev, libfontenc, libinput, libvdpau, libwacom, libxcb, libxkbcommon, libxkbfile, mesa, vulkan, xcb, xkeyboard, xorg security update
2017-08-24 01:38:44
redhat
redhat
(RHSA-2017:1865) Moderate: X.org X11 libraries security, bug fix and enhancement update
2017-08-01 05:55:26
oraclelinux
oraclelinux
X.org X11 libraries security, bug fix and enhancement update
2017-08-07 00:00:00

0.025 Low

EPSS

Percentile

90.2%

JSON
Related for GLSA-201701-72
prion1nessus17osv3debian3fedora1cvelist1redhatcve1openvas12ibm1mageia1cloudfoundry1ubuntucve1veracode1cve1debiancve1alpinelinux1ubuntu1centos1redhat1oraclelinux1