Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 915130 (CVE-2023-43788, CVE-2023-43789) - <x11-libs/libXpm-3.5.17: Multiple vulnerabilities
Summary: <x11-libs/libXpm-3.5.17: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2023-43788, CVE-2023-43789
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 915194
Blocks:
  Show dependency tree
 
Reported: 2023-10-03 18:22 UTC by Sam James
Modified: 2024-08-07 05:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-03 18:22:24 UTC
4) CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()

Introduced in: unknown - prior to xpm-3.4k [released 1998]
Fixed in: libXpm 3.5.17
Found by: Alan Coopersmith of Oracle Solaris Engineering
Fixed by: Alan Coopersmith of Oracle Solaris Engineering

When the test case for CVE-2022-46285 (fixed in libXpm 3.5.15) was run
with the Address Sanitizer enabled, it found an out-of-bounds read in
ParseComment() when reading from a memory buffer instead of a file, as
it continued to look for the closing comment marker past the end of the
buffer.

Fix:
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0

5) CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap

Introduced in: unknown - prior to xpm-3.4k [released 1998]
Fixed in: libXpm 3.5.17
Found by: Alan Coopersmith of Oracle Solaris Engineering
Fixed by: Alan Coopersmith of Oracle Solaris Engineering

Fuzzing with clang's -fsanitize/libfuzzer generated an XPM file with a
corrupted colormap section which caused libXpm to read out of bounds.

Fix:
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51

----------------------------------------------------------------------------
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-03 18:23:21 UTC
Please stable when ready.
Comment 2 Larry the Git Cow gentoo-dev 2023-10-05 12:38:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81b607dc88374467192e57704260fcd7a4b07caf

commit 81b607dc88374467192e57704260fcd7a4b07caf
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-10-05 12:37:21 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-10-05 12:37:43 +0000

    x11-libs/libXpm: Drop old versions
    
    Bug: https://bugs.gentoo.org/915130
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-libs/libXpm/Manifest             |  1 -
 x11-libs/libXpm/libXpm-3.5.16.ebuild | 41 ------------------------------------
 2 files changed, 42 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-08-07 05:22:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d249388c2be16bdcae27a37364e00167f2e41221

commit d249388c2be16bdcae27a37364e00167f2e41221
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-07 05:22:06 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-07 05:22:24 +0000

    [ GLSA 202408-03 ] libXpm: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/891209
    Bug: https://bugs.gentoo.org/915130
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-03.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)