The load function in the XPM loader for imlib2 1.4.2, and possibly other
versions, allows attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted XPM file that triggers a
βpointer arithmetic errorβ and a heap-based buffer overflow, a different
vulnerability than CVE-2008-2426.