libXpm image parsing code contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
X PixMap (XPM) is a format for encoding and decoding images on the X Windows System 11 (X11). libXpm is a library of functions used to manipulate XPM images. There is a stack-based buffer overflow vulnerability in the xpmParseColors() function. This function is used to decode color information stored within a XPM image. Malicious users may be able to exploit this vulnerability by supplying the xpmParseColors() function with a specially crafted XPM image file. Applications that receive input from remote sources may be remotely exploitable.
Any program that uses the libXpm library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.
Specific impacts depend on the application being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.
Several vendors of relevant or derived implementations have released patches to address this vulnerability; please contact those vendors for further details.
This issue has been corrected in X11 version 6.8.1.
Apple Computer Inc.
Red Hat Inc.
Sun Microsystems Inc.
Wind River Systems Inc.
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Jeff Gennari.
|Date First Published:||2004-09-30|
|Date Last Updated:||2005-05-12 19:33 UTC|