Security fixes for Oct. 3 advisory (!21) · Merge requests · xorg / lib / libXpm · GitLab

Alan Coopersmith requested to merge alanc/libxpm:sec-fixes into master Oct 03, 2023

Alan Coopersmith (6):

Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
test: Add test case for CVE-2023-43789 (corrupt colormap info)
Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
Avoid CVE-2023-43786: stack exhaustion in XPutImage()
test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)

Yair Mizrahi (1):

Avoid CVE-2023-43787 (integer overflow in XCreateImage)