MGASA-2017-0035

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0035.html

Import Source

https://advisories.mageia.org/MGASA-2017-0035.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0035

Related

CVE-2016-10164

Published

2017-02-02T08:11:52Z

Modified

2017-02-02T08:02:42Z

Summary

Updated libxpm packages fix security vulnerability

Details

An out of boundary write has been found in libXpm before 3.5.12 which can be exploited by an attacker through maliciously crafted XPM files. To trigger the vulnerability, a program must explicitly request to also parse XPM extensions while reading files. The motif toolkit and xdm are two among some programs that set the flag (XpmReturnExtensions). It can only be exploited on 64-bit systems (CVE-2016-10164).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libxpm

Package

Name: libxpm
Purl: pkg:rpm/mageia/libxpm?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.12-1.mga5

Ecosystem specific

{
    "section": "core"
}