Advisories » MGASA-2023-0292

Updated libxpm packages fix security vulnerabilities

Publication date: 20 Oct 2023
Modification date: 20 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-43788 , CVE-2023-43789

Description

A vulnerability was found in libXpm due to a boundary condition within
the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to
trigger an out-of-bounds read error and read the contents of memory on
the system. (CVE-2023-43788)

Out of bounds read on XPM with corrupted colormap. (CVE-2023-43789)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32359
• https://www.openwall.com/lists/oss-security/2023/10/03/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43788
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43789

SRPMS

9/core

• libxpm-3.5.15-1.1.mga9

8/core

• libxpm-3.5.15-1.1.mga8