vulnerability
SUSE: CVE-2016-10164: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 26, 2017 | Feb 16, 2017 | Aug 21, 2021 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 26, 2017
Added
Feb 16, 2017
Modified
Aug 21, 2021
Description
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
Solutions
suse-upgrade-libxpm-develsuse-upgrade-libxpm-toolssuse-upgrade-libxpm4suse-upgrade-libxpm4-32bitsuse-upgrade-xorg-x11-libxpmsuse-upgrade-xorg-x11-libxpm-32bitsuse-upgrade-xorg-x11-libxpm-develsuse-upgrade-xorg-x11-libxpm-devel-32bitsuse-upgrade-xorg-x11-libxpm-x86
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.