QwikSec

Security Database

CVE

CWE

Training

CVE-2016-10164

Published: Feb 1, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20170125 Re: CVE Request: libXpm < 3.5.12 heap overflow

mailing-list

x_refsource_MLIST

[xorg] 20161215 [ANNOUNCE] libXpm 3.5.12

mailing-list

x_refsource_MLIST

[oss-security] 20170122 CVE Request: libXpm < 3.5.12 heap overflow

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.