7.6 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.7%
Chris Gilbert discovered a buffer overflow in the XPM library shipped
with XFree86. If an attacker tricked a user into loading a malicious
XPM image with an application that uses libxpm, he could exploit this
to execute arbitrary code with the privileges of the user opening the
image.
These overflows do not allow privilege escalation through the X
server; the overflows are in a client-side library.