CVE-2016-10164

CVE-2016-10164

Name

CVE-2016-10164

Description

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	http://www.debian.org/security/2017/dsa-3772
Mailing List	http://www.openwall.com/lists/oss-security/2017/01/22/2
Mailing List	http://www.openwall.com/lists/oss-security/2017/01/25/7
Third Party Advisory	http://www.securityfocus.com/bid/95785
cve@mitre.org	https://access.redhat.com/errata/RHSA-2017:1865
Issue Tracking	https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
Issue Tracking	https://lists.freedesktop.org/archives/xorg/2016-December/058537.html
cve@mitre.org	https://security.gentoo.org/glsa/201701-72

Type

URI

cve@mitre.org

http://www.debian.org/security/2017/dsa-3772

Mailing List

http://www.openwall.com/lists/oss-security/2017/01/22/2

Mailing List

http://www.openwall.com/lists/oss-security/2017/01/25/7

Third Party Advisory

http://www.securityfocus.com/bid/95785

cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:1865