Lucene search
Veracode Vulnerability DatabaseVERACODE:29422HistoryFeb 18, 2021 - 5:07 a.m.
Arbitrary Code Execution
2021-02-1805:07:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.025 Low
EPSS
Percentile
90.2%
libXpm.so is vulnerable to arbitrary code execution. A remote attacker is able to cause a denial of service (out-of-bounds write) or execute arbitrary code by parsing malicious XPM files via (1) the number of extensions or (2) their concatenated length in a crafted XPM file triggering a heap-based buffer overflow.
References
www.debian.org/security/2017/dsa-3772
www.openwall.com/lists/oss-security/2017/01/22/2
www.openwall.com/lists/oss-security/2017/01/25/7
www.securityfocus.com/bid/95785
access.redhat.com/errata/RHSA-2017:1865
cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
lists.freedesktop.org/archives/xorg/2016-December/058537.html
security.gentoo.org/glsa/201701-72
Related
nessus
nessus
Fedora 24 : libXpm (2017-6d6e2bfd1a)
2017-01-31 00:00:00
SUSE SLED12 / SLES12 Security Update : libXpm (SUSE-SU-2017:0467-1)
2017-02-16 00:00:00
openSUSE Security Update : libXpm (openSUSE-2017-292)
2017-02-24 00:00:00
cloudfoundry
cloudfoundry
USN-3185-1: libXpm vulnerability | Cloud Foundry
2017-03-17 00:00:00
osv
osv
libxpm - security update
2017-01-26 00:00:00
CVE-2016-10164
2017-02-01 15:59:00
libxpm - security update
2017-01-26 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0035)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-3185-1)
2017-02-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0467-1)
2021-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2016-10164
2016-12-31 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: libXpm-3.5.12-1.fc24
2017-01-29 22:19:20
debian
debian
[SECURITY] [DSA 3772-1] libxpm security update
2017-01-26 19:30:27
[SECURITY] [DSA 3772-1] libxpm security update
2017-01-26 19:30:27
[SECURITY] [DLA 801-1] libxpm security update
2017-01-26 17:23:53
cvelist
cvelist
CVE-2016-10164
2017-02-01 15:00:00
prion
prion
Integer overflow
2017-02-01 15:59:00
gentoo
gentoo
libXpm: Remote execution of arbitrary code
2017-01-29 00:00:00
redhatcve
redhatcve
CVE-2016-10164
2017-01-25 13:17:34
mageia
mageia
Updated libxpm packages fix security vulnerability
2017-02-02 11:11:52
ibm
ibm
nvd
nvd
CVE-2016-10164
2017-02-01 15:59:00
cve
cve
CVE-2016-10164
2017-02-01 15:59:00
alpinelinux
alpinelinux
CVE-2016-10164
2017-02-01 15:59:00
ubuntu
ubuntu
libXpm vulnerability
2017-02-01 00:00:00
debiancve
debiancve
CVE-2016-10164
2017-02-01 15:59:00
redhat
redhat
oraclelinux
oraclelinux
X.org X11 libraries security, bug fix and enhancement update
2017-08-07 00:00:00