libXpm image parsing code contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
X PixMap (XPM) is a format for encoding and decoding images on the X Window System, version 11 (X11). libXpm is a library of functions used to manipulate XPM images. There is a stack-based buffer overflow vulnerability in the xpmParseColors() function, which decodes the color information stored within an XPM image. Malicious users may be able to exploit this vulnerability by supplying the xpmParseColors() function with a specially crafted XPM image file. Applications that receive input from remote sources may be remotely exploitable.
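As an added illustration of the defensive pattern for this class of bug (this is not libXpm's code, and the advisory does not describe the defect's internals), the following C sketch parses one XPM color line into a caller-supplied buffer and rejects any value that would not fit. The function name `parse_color_line`, the buffer sizes and the sample line are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
/* Is the n-byte token one of the XPM colour keys (m, s, g4, g, c)? */
static int is_key(const char *tok, size_t n)
{
    static const char *keys[] = { "m", "s", "g4", "g", "c" };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        if (strlen(keys[i]) == n && memcmp(keys[i], tok, n) == 0)
            return 1;
    return 0;
}

/* Copy the "c" value of one colour line into out[outsz]; 0 = ok, -1 = reject. */
int parse_color_line(const char *line, size_t cpp, char *out, size_t outsz)
{
    size_t used = 0;
    int in_c = 0, found = 0;
    if (outsz == 0 || strlen(line) < cpp)
        return -1;
    out[0] = '\0';
    for (const char *p = line + cpp; *p; ) {   /* skip the pixel chars */
        p += strspn(p, " \t");
        size_t n = strcspn(p, " \t");
        if (n == 0) break;
        if (is_key(p, n)) {
            in_c = (n == 1 && *p == 'c');
            if (in_c && found)
                return -1;                     /* duplicate "c" key */
        } else if (in_c) {
            size_t need = n + (used ? 1 : 0);  /* word plus separator */
            if (need >= outsz - used)          /* keep room for the NUL */
                return -1;
            if (used) out[used++] = ' ';
            memcpy(out + used, p, n);
            used += n;
            out[used] = '\0';
            found = 1;
        }
        p += n;
    }
    return found ? 0 : -1;
}

int main(void)
{
    char buf[32];                              /* constructed sample line */
    int rc = parse_color_line(". c light blue", 1, buf, sizeof buf);
    printf("%d \"%s\"\n", rc, rc == 0 ? buf : "");
}
```

The length check runs before every copy, so a multi-word color name built up from file-controlled tokens can never exceed the destination, regardless of how long the line is.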
Any program that uses the libXpm library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.
Specific impacts depend on the application being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.
Several vendors of relevant or derived implementations have released patches to address this vulnerability; please contact those vendors for further details.
This issue has been corrected in X11 version 6.8.1.
SuSE Inc. Affected
Apple Computer Inc. Unknown
Cray Inc. Unknown
F5 Networks Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
Sony Corporation Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
X Consortium Unknown
EMC Corporation Unknown
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Jeff Gennari.
Date First Published: 2004-09-30
Date Last Updated: 2005-05-12 19:33 UTC