ELA-875-1 libxpm security update
Package : libxpmELA-875-1 libxpm security update
Version : 1:3.5.12-0+deb8u2 (jessie), 1:3.5.12-1+deb9u1 (stretch)
Related CVEs :
Multiple vulnerabilities where found in libxpm, a library handling X PixMap image format (so called xpm files).
xpm files are an extension of the monochrome X BitMap format specified in the X protocol, and are commonly used in traditional X applications.
When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
When parsing a file with a comment not closed an end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
A libxpm security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address multiple vulnerabilities.