[3.5] libxpm: Out-of-bounds write in XPM extension parsing (CVE-2016-10164)
An out of boundary write has been found in libXpm < 3.5.12 which can
be
exploited by an attacker through maliciously crafted XPM files.
Fixed In Version:
libxpm 3.5.12
Reference:
http://seclists.org/oss-sec/2017/q1/167
Upstream patch:
https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
(from redmine: issue id 6751, created on 2017-01-26, closed on 2017-02-01)
- Relations:
- parent #6749 (closed)
- Changesets:
- Revision 503362e6 by Natanael Copa on 2017-01-26T20:43:25Z:
main/libxpm: security upgrade to 3.5.12 (CVE-2016-10164)
fixes #6751