An out of boundary write has been found in libXpm which can be exploited by an attacker through maliciously crafted XPM files. The affected code is prone to two 32-bit integer overflows while parsing extensions: the number of extensions and their concatenated length.

References:
http://seclists.org/oss-sec/2017/q1/167

Upstream patch:
https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
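The two overflow classes named in the description, shown as an added example that is neither libXpm code nor the upstream patch: an unchecked 32-bit sum of extension lengths wraps to a small value, while the checked versions reject the input before any buffer is sized. The function names and the length values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked sum of (length + 1 separator byte): wraps modulo 2^32. */
uint32_t ext_bytes_unchecked(const uint32_t *lens, uint32_t n)
{
    uint32_t total = 0;
    for (uint32_t i = 0; i < n; i++)
        total += lens[i] + 1;
    return total;
}

/* Checked sum: returns -1 as soon as the running total would wrap. */
int ext_bytes_checked(const uint32_t *lens, uint32_t n, uint32_t *out)
{
    uint32_t total = 0;
    for (uint32_t i = 0; i < n; i++) {
        if (lens[i] == UINT32_MAX)
            return -1;                 /* lens[i] + 1 would wrap */
        uint32_t need = lens[i] + 1;
        if (need > UINT32_MAX - total)
            return -1;                 /* total + need would wrap */
        total += need;
    }
    *out = total;
    return 0;
}

/* Checked size of a table of n entries of elem bytes each. */
int ext_table_bytes(uint32_t n, uint32_t elem, uint32_t *out)
{
    if (elem != 0 && n > UINT32_MAX / elem)
        return -1;                     /* n * elem would wrap */
    *out = n * elem;
    return 0;
}

int main(void)
{
    /* Constructed lengths: the true total is 2^32 + 11 bytes. */
    uint32_t lens[] = { 0x7fffffffu, 0x7fffffffu, 10u };
    uint32_t out = 0;

    printf("unchecked total: %u\n", (unsigned)ext_bytes_unchecked(lens, 3));
    printf("checked total:   %d\n", ext_bytes_checked(lens, 3, &out));
    printf("table of 2^29 8-byte entries: %d\n",
           ext_table_bytes(0x20000000u, 8u, &out));
    return 0;
}
```

A buffer sized from the unchecked result would be 11 bytes for data whose real length exceeds 4 GiB, which is how a wrapped size turns into an out-of-bounds write.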

Created libXpm tracking bugs for this issue:

Affects: fedora-24 [bug 1416442]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2017:1865 https://access.redhat.com/errata/RHSA-2017:1865