FreeBSD : xpm -- image decoding vulnerabilities (ef253f8b-0727-11d9-b45d-000c41e2cdad)
High Nessus Plugin ID 19161
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Chris Evans discovered several vulnerabilities in the libXpm image decoder:
- A stack-based buffer overflow in xpmParseColors
- An integer overflow in xpmParseColors
- A stack-based buffer overflow in ParsePixels and ParseAndPutPixels
The X11R6.8.1 release announcement reads:
This version is purely a security release, addressing multiple integer and stack overflows in libXpm, the X Pixmap library; all known versions of X (both XFree86 and X.Org) are affected, so all users of X are strongly encouraged to upgrade.
Solution
Update the affected packages.