A potential buffer overflow from the use of unsigned integers has been found in the XPM processing library of xorg. https://bugs.freedesktop.org/show_bug.cgi?id=1920
Adding to RHEL4U2 tracker
setting to moderate severity since only a subset of applications are affected by this, and many of those do not parse untrusted xpm files. Applications like the gimp and others have their own xpm implementations.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-198.html