FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

x11/libXpm multiple vulnerabilities

Affected packages
libXpm < 3.5.17


VuXML ID 199cdb4d-690d-11ee-9ed0-001fc69cd6dc
Discovery 2023-09-22
Entry 2023-10-12

The X.Org project reports:

CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
An out-of-bounds read is located in ParseComment() when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer.
CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
A corrupted colormap section may cause libXpm to read out of bounds.


CVE Name CVE-2023-43788
CVE Name CVE-2023-43789