CVE-2016-10164

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector
NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score Percentile: 91%

Affected Products (NVD)
Vendor | Product | Version
x.org | libxpm | 𝑥 ≤ 3.5.11
𝑥 = Vulnerable software versions

Debian Releases
Debian Product | Codename | Version | Status
libxpm | bookworm | 1:3.5.12-1.1+deb12u1 | fixed
libxpm | bookworm (security) | 1:3.5.12-1.1+deb12u1 | fixed
libxpm | bullseye | 1:3.5.12-1.1+deb11u1 | fixed
libxpm | bullseye (security) | 1:3.5.12-1.1+deb11u1 | fixed
libxpm | sid | 1:3.5.17-1 | fixed
libxpm | trixie | 1:3.5.17-1 | fixed

Ubuntu Releases
Ubuntu Product | Codename | Version | Status
libxpm | precise | Fixed 1:3.5.9-4ubuntu0.1 | released
libxpm | trusty | Fixed 1:3.5.10-1ubuntu0.1 | released
libxpm | xenial | Fixed 1:3.5.11-1ubuntu0.16.04.1 | released
libxpm | yakkety | Fixed 1:3.5.11-1ubuntu0.16.10.1 | released

openSUSE / SLES Releases
openSUSE Product | Release | Version | Status
libXpm4 | suse enterprise sap 12 SP1 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise sap 12 SP2 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise sap 12 SP5 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise server 12 SP1 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise server 12 SP2 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise server 12 SP3 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise server 12 SP4 | 3.5.11-5.1 | fixed
libXpm4 | suse enterprise server 12 SP5 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise sap 12 SP1 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise sap 12 SP2 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise sap 12 SP5 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise server 12 SP1 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise server 12 SP2 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise server 12 SP3 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise server 12 SP4 | 3.5.11-5.1 | fixed
libXpm4-32bit | suse enterprise server 12 SP5 | 3.5.11-5.1 | fixed

Red Hat Enterprise Linux Releases
Red Hat Product | Release | Version | Status
drm-utils | RHEL 7 | 0:2.4.74-1.el7 | fixed
libICE | RHEL 7 | 0:1.0.9-9.el7 | fixed
libICE-devel | RHEL 7 | 0:1.0.9-9.el7 | fixed
libX11 | RHEL 7 | 0:1.6.5-1.el7 | fixed
libX11-common | RHEL 7 | 0:1.6.5-1.el7 | fixed
libX11-devel | RHEL 7 | 0:1.6.5-1.el7 | fixed
libXaw | RHEL 7 | 0:1.0.13-4.el7 | fixed
libXaw-devel | RHEL 7 | 0:1.0.13-4.el7 | fixed
libXcursor | RHEL 7 | 0:1.1.14-8.el7 | fixed
libXcursor-devel | RHEL 7 | 0:1.1.14-8.el7 | fixed
libXdmcp | RHEL 7 | 0:1.1.2-6.el7 | fixed
libXdmcp-devel | RHEL 7 | 0:1.1.2-6.el7 | fixed
libXfixes | RHEL 7 | 0:5.0.3-1.el7 | fixed
libXfixes-devel | RHEL 7 | 0:5.0.3-1.el7 | fixed
libXfont | RHEL 7 | 0:1.5.2-1.el7 | fixed
libXfont-devel | RHEL 7 | 0:1.5.2-1.el7 | fixed
libXfont2 | RHEL 7 | 0:2.0.1-2.el7 | fixed
libXfont2-devel | RHEL 7 | 0:2.0.1-2.el7 | fixed
libXi | RHEL 7 | 0:1.7.9-1.el7 | fixed
libXi-devel | RHEL 7 | 0:1.7.9-1.el7 | fixed
libXpm | RHEL 7 | 0:3.5.12-1.el7 | fixed
libXpm-devel | RHEL 7 | 0:3.5.12-1.el7 | fixed
libXrandr | RHEL 7 | 0:1.5.1-2.el7 | fixed
libXrandr-devel | RHEL 7 | 0:1.5.1-2.el7 | fixed
libXrender | RHEL 7 | 0:0.9.10-1.el7 | fixed
libXrender-devel | RHEL 7 | 0:0.9.10-1.el7 | fixed
libXt | RHEL 7 | 0:1.1.5-3.el7 | fixed
libXt-devel | RHEL 7 | 0:1.1.5-3.el7 | fixed
libXtst | RHEL 7 | 0:1.2.3-1.el7 | fixed
libXtst-devel | RHEL 7 | 0:1.2.3-1.el7 | fixed
libXv | RHEL 7 | 0:1.0.11-1.el7 | fixed
libXv-devel | RHEL 7 | 0:1.0.11-1.el7 | fixed
libXvMC | RHEL 7 | 0:1.0.10-1.el7 | fixed
libXvMC-devel | RHEL 7 | 0:1.0.10-1.el7 | fixed
libXxf86vm | RHEL 7 | 0:1.1.4-1.el7 | fixed
libXxf86vm-devel | RHEL 7 | 0:1.1.4-1.el7 | fixed
libdrm | RHEL 7 | 0:2.4.74-1.el7 | fixed
libdrm-devel | RHEL 7 | 0:2.4.74-1.el7 | fixed
libepoxy | RHEL 7 | 0:1.3.1-1.el7 | fixed
libepoxy-devel | RHEL 7 | 0:1.3.1-1.el7 | fixed
libevdev | RHEL 7 | 0:1.5.6-1.el7 | fixed
libevdev-devel | RHEL 7 | 0:1.5.6-1.el7 | fixed
libevdev-utils | RHEL 7 | 0:1.5.6-1.el7 | fixed
libfontenc | RHEL 7 | 0:1.1.3-3.el7 | fixed
libfontenc-devel | RHEL 7 | 0:1.1.3-3.el7 | fixed
libinput | RHEL 7 | 0:1.6.3-2.el7 | fixed
libinput-devel | RHEL 7 | 0:1.6.3-2.el7 | fixed
libvdpau | RHEL 7 | 0:1.1.1-3.el7 | fixed
libvdpau-devel | RHEL 7 | 0:1.1.1-3.el7 | fixed
libvdpau-docs | RHEL 7 | 0:1.1.1-3.el7 | fixed
libwacom | RHEL 7 | 0:0.24-1.el7 | fixed
libwacom-data | RHEL 7 | 0:0.24-1.el7 | fixed
libwacom-devel | RHEL 7 | 0:0.24-1.el7 | fixed
libxcb | RHEL 7 | 0:1.12-1.el7 | fixed
libxcb-devel | RHEL 7 | 0:1.12-1.el7 | fixed
libxcb-doc | RHEL 7 | 0:1.12-1.el7 | fixed
libxkbcommon | RHEL 7 | 0:0.7.1-1.el7 | fixed
libxkbcommon-devel | RHEL 7 | 0:0.7.1-1.el7 | fixed
libxkbcommon-x11 | RHEL 7 | 0:0.7.1-1.el7 | fixed
libxkbcommon-x11-devel | RHEL 7 | 0:0.7.1-1.el7 | fixed
libxkbfile | RHEL 7 | 0:1.0.9-3.el7 | fixed
libxkbfile-devel | RHEL 7 | 0:1.0.9-3.el7 | fixed
mesa-dri-drivers | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-filesystem | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libEGL | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libEGL-devel | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libGL | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libGL-devel | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libGLES | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libGLES-devel | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libOSMesa | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libOSMesa-devel | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libgbm | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libgbm-devel | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libglapi | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libxatracker | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-libxatracker-devel | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
mesa-private-llvm | RHEL 7 | 0:3.9.1-3.el7 | fixed
mesa-private-llvm-devel | RHEL 7 | 0:3.9.1-3.el7 | fixed
mesa-vulkan-drivers | RHEL 7 | 0:17.0.1-6.20170307.el7 | fixed
vulkan | RHEL 7 | 0:1.0.39.1-2.el7 | fixed
vulkan-devel | RHEL 7 | 0:1.0.39.1-2.el7 | fixed
vulkan-filesystem | RHEL 7 | 0:1.0.39.1-2.el7 | fixed
xcb-proto | RHEL 7 | 0:1.12-2.el7 | fixed
xkeyboard-config | RHEL 7 | 0:2.20-1.el7 | fixed
xkeyboard-config-devel | RHEL 7 | 0:2.20-1.el7 | fixed
xorg-x11-proto-devel | RHEL 7 | 0:7.7-20.el7 | fixed