Red Hat Bugzilla – Bug 135080
CAN-2004-0687 buffer overflows in libXpm
Last modified: 2008-01-28 11:01:06 EST
Multiple stack-based buffer overflows in (1) xpmParseColors in
parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in
parse.c for libXpm before 6.8.1 allow remote attackers to execute
arbitrary code via a malformed XPM image file.
This library itself is contained in lesstif.
*** Bug 136981 has been marked as a duplicate of this bug. ***
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases,
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/
lesstif is no longer included in FC4 or extras. Please report the problem
upstream if still present.