Description
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libXpm | Will not fix | | |
| Red Hat Enterprise Linux 6 | libXpm | Will not fix | | |
| Red Hat Enterprise Linux 7 | libdrm | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libepoxy | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libevdev | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libfontenc | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libICE | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libinput | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libvdpau | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libwacom | Fixed | RHSA-2017:1865 | 01.08.2017 |
Additional information
Status:
EPSS
5.8 Medium
CVSS3