FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

x11/libXpm multiple vulnerabilities

Affected packages
libXpm < 3.5.17

Details

VuXML ID 199cdb4d-690d-11ee-9ed0-001fc69cd6dc
Discovery 2023-09-22
Entry 2023-10-12

The X.Org project reports:

CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
An out-of-bounds read is located in ParseComment() when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer.
CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
A corrupted colormap section may cause libXpm to read out of bounds.
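
The bounds discipline that the CVE-2023-43788 description turns on, as an added C illustration (not libXpm's code and not part of the X.Org report): a comment scanner that takes an explicit buffer length and treats a missing closing marker as an error instead of reading on. The function name `skip_comment_bounded` and the `backing` sample buffer are hypothetical, constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not libXpm code: skip a C-style comment that opens
 * at buf[pos], never reading at or beyond buf[len].
 * Returns the index just past the closing marker, or -1 if the comment is
 * not opened at pos or is not closed inside the buffer. */
long skip_comment_bounded(const char *buf, size_t len, size_t pos)
{
    /* Need at least two bytes in bounds for the opening marker. */
    if (buf == NULL || pos > len || len - pos < 2)
        return -1;
    if (buf[pos] != '/' || buf[pos + 1] != '*')
        return -1;

    /* i + 1 < len keeps both bytes of the closing marker inside the buffer,
     * so a marker split across the end of the buffer is not matched. */
    for (size_t i = pos + 2; i + 1 < len; i++) {
        if (buf[i] == '*' && buf[i + 1] == '/')
            return (long)(i + 2);
    }
    return -1; /* unterminated: report it, do not keep scanning */
}

/* Constructed sample: 18 bytes of comment text. Passing a shorter length
 * models a memory buffer that ends before the closing marker, with the
 * remaining bytes standing in for whatever memory follows it. */
static const char backing[] = "/* never closed */";

int main(void)
{
    printf("full buffer (18 bytes):  %ld\n",
           skip_comment_bounded(backing, 18, 0));
    printf("truncated to 15 bytes:   %ld\n",
           skip_comment_bounded(backing, 15, 0));
    printf("marker split at byte 17: %ld\n",
           skip_comment_bounded(backing, 17, 0));
    return 0;
}
```

The truncated cases return -1 even though a closing marker exists in the bytes after the declared length, which is the behaviour a length-checked parser should have for in-memory input.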

References

CVE Name CVE-2023-43788
CVE Name CVE-2023-43789
URL https://lists.x.org/archives/xorg/2023-October/061506.html