
Mageia: 2023-0293 Low: Libxpm Buffer Overflow Vulnerability

mageia
October 20, 2023
Mageia has released updates for the libxpm packages to fix serious security vulnerabilities and to mitigate memory leak concerns on impacted systems.

Summary

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. (CVE-2023-43788)
Out-of-bounds read on XPM with corrupted colormap. (CVE-2023-43789)

References

- https://bugs.mageia.org/show_bug.cgi?id=32359

- https://www.openwall.com/lists/oss-security/2023/10/03/1

- https://www.cve.org/CVERecord?id=CVE-2023-43788

- https://www.cve.org/CVERecord?id=CVE-2023-43789

Resolution

SRPMS

- 9/core/libxpm-3.5.15-1.1.mga9

- 8/core/libxpm-3.5.15-1.1.mga8

Severity
low

Publication date: 20 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0292.html
Type: security
CVE: CVE-2023-43788, CVE-2023-43789
