Security fixes for Oct. 3 advisory (!21) · Merge requests · xorg / lib / libXpm · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

Alan Coopersmith requested to merge alanc/libxpm:sec-fixes into master Oct 03, 2023

Alan Coopersmith (6):

Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
test: Add test case for CVE-2023-43789 (corrupt colormap info)
Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
Avoid CVE-2023-43786: stack exhaustion in XPutImage()
test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)

Yair Mizrahi (1):

Avoid CVE-2023-43787 (integer overflow in XCreateImage)