SUSE-SA:2004:034: XFree86-libs, xshared
High Nessus Plugin ID 14775
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:034 (XFree86-libs, xshared).
Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files.
The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well as ParsePixels() is vulnerable to a stack-based buffer overflow too.
Additionally Matthieu Herrb found two one-byte buffer overflows.