USN-97-1: libxpm vulnerability

16 March 2005

xfree86 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Chris Gilbert discovered a buffer overflow in the XPM library shipped with XFree86. If an attacker tricked a user into loading a malicious XPM image with an application that uses libxpm, he could exploit this to execute arbitrary code with the privileges of the user opening the image.

These overflows do not allow privilege escalation through the X server; the overflows are in a client-side library.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libxpm4
libxpm4-dbg

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References