Skip to content

Security fixes for Oct. 3 advisory

Alan Coopersmith requested to merge alanc/libxpm:sec-fixes into master

Alan Coopersmith (6):

  • Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
  • test: Add test case for CVE-2023-43789 (corrupt colormap info)
  • Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
  • test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
  • Avoid CVE-2023-43786: stack exhaustion in XPutImage()
  • test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)

Yair Mizrahi (1):

  • Avoid CVE-2023-43787 (integer overflow in XCreateImage)

Merge request reports