CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL

EPSS: 0.348 Low (Percentile: 97.1%)

Chris Evans discovered several vulnerabilities in the libXpm image decoder:

- A stack-based buffer overflow in xpmParseColors
- An integer overflow in xpmParseColors
- A stack-based buffer overflow in ParsePixels and ParseAndPutPixels

The X11R6.8.1 release announcement reads:

> This version is purely a security release, addressing
> multiple integer and stack overflows in libXpm, the X
> Pixmap library; all known versions of X (both XFree86
> and X.Org) are affected, so all users of X are strongly
> encouraged to upgrade.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | agenda-snow-libs | = 0 | UNKNOWN |
FreeBSD | any | noarch | linux_base | = 0 | UNKNOWN |
FreeBSD | any | noarch | open-motif-devel | = 0 | UNKNOWN |
FreeBSD | any | noarch | mupad | = 0 | UNKNOWN |
FreeBSD | any | noarch | zh-cle_base | = 0 | UNKNOWN |
FreeBSD | any | noarch | libxpm | < 3.5.1_1 | UNKNOWN |
FreeBSD | any | noarch | xfree86-libraries | < 4.4.0_1 | UNKNOWN |
FreeBSD | any | noarch | xorg-libraries | < 6.7.0_2 | UNKNOWN |
FreeBSD | any | noarch | lesstif | < 0.93.96,2 | UNKNOWN |
FreeBSD | any | noarch | xpm | < 3.4k_1 | UNKNOWN |