CVE-2016-10164 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libxpm

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

3.7%

top 11.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libxpm

Timeline

PublishedFeb 1

Latest updateMay 14

Description

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debianx.org/libxpm< 1:3.5.12-1+3

▶NVDx.org/libxpm3.5.11

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-fhfv-mh3h-f699: Multiple integer overflows in libXpm before 3↗2022-05-14

▶

OSV

CVE-2016-10164: Multiple integer overflows in libXpm before 3↗2017-02-01

▶

CVEList

CVE-2016-10164: Multiple integer overflows in libXpm before 3↗2017-02-01

▶

📋Vendor Advisories

Ubuntu

libXpm vulnerability↗2017-02-01

▶

Red Hat

libXpm: Out-of-bounds write in XPM extension parsing↗2016-12-12

▶

Debian

CVE-2016-10164: libxpm - Multiple integer overflows in libXpm before 3.5.12, when a program requests pars...↗2016

▶

💬Community

Bugzilla

CVE-2016-10164 libXpm: Out-of-bounds write in XPM extension parsing↗2017-01-25

▶

Bugzilla

CVE-2016-10164 libXpm: Out-of-bounds write in XPM extension parsing [fedora-24]↗2017-01-25

▶