{"id":"MGASA-2017-0035","summary":"Updated libxpm packages fix security vulnerability","details":"An out of boundary write has been found in libXpm before 3.5.12 which\ncan be exploited by an attacker through maliciously crafted XPM files.\nTo trigger the vulnerability, a program must explicitly request to also\nparse XPM extensions while reading files. The motif toolkit and xdm are\ntwo among some programs that set the flag (XpmReturnExtensions). It can\nonly be exploited on 64-bit systems (CVE-2016-10164).\n","modified":"2026-04-16T01:45:57.995616772Z","published":"2017-02-02T08:11:52Z","upstream":["CVE-2016-10164"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0035.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20180"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/01/25/7"}],"affected":[{"package":{"name":"libxpm","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxpm?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.12-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0035.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}