(RHSA-2004:537) openmotif security update

ID RHSA-2004:537
Type redhat
Reporter RedHat
Modified 2019-03-22T23:43:37


OpenMotif provides libraries which implement the Motif industry standard graphical user interface.

During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.

Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library.