The XPM library, which is part of the XFree86/XOrg project, is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are:

- integer overflows
- out-of-bounds memory access
- shell command execution
- path traversal
- endless loops

By providing a specially crafted image, remote and/or local attackers can exploit these bugs to gain access to the system or to escalate their local privileges.
No workaround exists to protect against these bugs.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.0 | x86_64 | xfree86-libs | < 4.3.0.1-57 | XFree86-libs-4.3.0.1-57.x86_64.rpm |
openSUSE | 9.1 | x86_64 | xfree86-libs | < 4.3.99.902-43.35.3 | XFree86-libs-4.3.99.902-43.35.3.x86_64.rpm |
openSUSE | 8.1 | i586 | xshared | < 4.2.0-269 | xshared-4.2.0-269.i586.rpm |
openSUSE | 9.2 | i586 | xorg-x11-libs | < 6.8.1-15.3 | xorg-x11-libs-6.8.1-15.3.i586.rpm |
openSUSE | 8.2 | i586 | xfree86-libs | < 4.3.0-132 | XFree86-libs-4.3.0-132.i586.rpm |
openSUSE | 9.2 | x86_64 | xorg-x11-libs-32bit | < 9.2-200411100529 | xorg-x11-libs-32bit-9.2-200411100529.x86_64.rpm |
openSUSE | 9.1 | i586 | xfree86-libs | < 4.3.99.902-43.35.3 | XFree86-libs-4.3.99.902-43.35.3.i586.rpm |
openSUSE | 9.0 | i586 | xfree86-libs | < 4.3.0.1-57 | XFree86-libs-4.3.0.1-57.i586.rpm |