X.org: libXpm vulnerability — GLSA 200503-15

A new vulnerability has been discovered in libXpm, which is included in X.org, that can potentially lead to remote code execution.

Affected packages

x11-base/xorg-x11 on all architectures
Affected versions < 6.8.2-r1
Unaffected versions revision >= 6.8.0-r5
>= 6.8.2-r1

Background

libXpm is a pixmap manipulation library for the X Window System, included in X.org.

Description

Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions.

Impact

A carefully-crafted XPM file could crash X.org, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All X.org users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose x11-base/xorg-x11

References

Release date
March 12, 2005

Latest revision
March 12, 2005: 02

Severity
normal

Exploitable
remote

Bugzilla entries