Updated libxpm packages fix security vulnerabilities
Publication date: 20 Oct 2023Modification date: 20 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-43788 , CVE-2023-43789
Description
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system. (CVE-2023-43788) Out of bounds read on XPM with corrupted colormap. (CVE-2023-43789)
References
SRPMS
9/core
- libxpm-3.5.15-1.1.mga9
8/core
- libxpm-3.5.15-1.1.mga8