2 matches found
AZL-31489 CVE-2023-43788 affecting package libXpm for versions less than 3.5.17-1
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...
AZL-13248 CVE-2022-4883 affecting package libXpm for versions less than 3.5.17-1
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...