DSA-3772-1 libxpm -- libxpm
ID: oval:org.secpod.oval:def:602754 | Date: (C)2017-01-27 (M)2023-12-20
Class: PATCH | Family: unix
Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause a denial of service against the application or, potentially, the execution of arbitrary code with the privileges of the user running the application.