Chris Evans reported three vulnerabilities in libXpm that can be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() and ParsePixels() are also vulnerable to a stack-based buffer overflow. Additionally, Matthieu Herrb found two one-byte buffer overflows.
There is no known workaround.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | xfree86-libs | < 4.3.99.902-43.31 | XFree86-libs-4.3.99.902-43.31.x86_64.rpm |
openSUSE | 9.1 | i586 | xfree86-libs | < 4.3.99.902-43.31 | XFree86-libs-4.3.99.902-43.31.i586.rpm |
openSUSE | 9.0 | x86_64 | xfree86-libs | < 4.3.0.1-55 | XFree86-libs-4.3.0.1-55.x86_64.rpm |
openSUSE | 9.0 | i586 | xfree86-libs | < 4.3.0.1-55 | XFree86-libs-4.3.0.1-55.i586.rpm |
openSUSE | 8.2 | i586 | xfree86-libs | < 4.3.0-127 | XFree86-libs-4.3.0-127.i586.rpm |
openSUSE | 8.1 | i586 | xshared | < 4.2.0-267 | xshared-4.2.0-267.i586.rpm |
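
Because no workaround exists, the practical check is whether a host still runs a build older than the fixed one listed above. The following is an added example, not part of the original advisory: a simplified RPM-style version-release comparison (it assumes no epoch and no `~` or `^` markers) applied to the table's fixed builds. The installed builds in the sample inventory are constructed.

```python
import re

# Fixed builds taken from the advisory table: (OS version, package) -> version-release.
FIXED = {
    ("9.1", "xfree86-libs"): "4.3.99.902-43.31",
    ("9.0", "xfree86-libs"): "4.3.0.1-55",
    ("8.2", "xfree86-libs"): "4.3.0-127",
    ("8.1", "xshared"): "4.2.0-267",
}

def _segments(s):
    """Split into runs of digits or letters; separators such as '.' are dropped."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified RPM-style comparison of one field: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric outranks alphabetic
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    if "-" not in a or "-" not in b:
        raise ValueError("expected version-release, e.g. 4.3.0-127")
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def is_vulnerable(os_version, package, installed_vr):
    """True if the installed build is older than the fixed build in the table."""
    fixed = FIXED[(os_version, package.lower())]
    return compare_vr(installed_vr, fixed) < 0

if __name__ == "__main__":
    # Constructed inventory rows (not real hosts): OS version, package, installed build.
    inventory = [
        ("9.1", "xfree86-libs", "4.3.99.902-43.22"),
        ("9.0", "xfree86-libs", "4.3.0.1-9"),
        ("8.1", "xshared", "4.2.0-267"),
    ]
    for os_version, package, installed in inventory:
        state = "VULNERABLE" if is_vulnerable(os_version, package, installed) else "ok"
        print(f"openSUSE {os_version} {package} {installed}: {state}")
```

The second inventory row shows why a plain string comparison is not enough: release `9` sorts after `55` as text but is the older build.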