4) CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() Introduced in: unknown - prior to xpm-3.4k [released 1998] Fixed in: libXpm 3.5.17 Found by: Alan Coopersmith of Oracle Solaris Engineering Fixed by: Alan Coopersmith of Oracle Solaris Engineering When the test case for CVE-2022-46285 (fixed in libXpm 3.5.15) was run with the Address Sanitizer enabled, it found an out-of-bounds read in ParseComment() when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer. Fix: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0 5) CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap Introduced in: unknown - prior to xpm-3.4k [released 1998] Fixed in: libXpm 3.5.17 Found by: Alan Coopersmith of Oracle Solaris Engineering Fixed by: Alan Coopersmith of Oracle Solaris Engineering Fuzzing with clang's -fsanitize/libfuzzer generated an XPM file with a corrupted colormap section which caused libXpm to read out of bounds. Fix: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 ----------------------------------------------------------------------------
Please stable when ready.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81b607dc88374467192e57704260fcd7a4b07caf commit 81b607dc88374467192e57704260fcd7a4b07caf Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2023-10-05 12:37:21 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2023-10-05 12:37:43 +0000 x11-libs/libXpm: Drop old versions Bug: https://bugs.gentoo.org/915130 Signed-off-by: Matt Turner <mattst88@gentoo.org> x11-libs/libXpm/Manifest | 1 - x11-libs/libXpm/libXpm-3.5.16.ebuild | 41 ------------------------------------ 2 files changed, 42 deletions(-)
