From: Tobias Stoeckmann <tob...@stoeckmann.org> libXpm is vulnerable to an out of boundary read if an XPM file contains a color with a symbolic name but without any default color value.
A caller must set XpmColorSymbols and a color with a NULL name in the supplied XpmAttributes to XpmReadFileToImage (or other functions of this type) in order to trigger this issue. --- src/create.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/create.c b/src/create.c index d013da9..a750846 100644 --- a/src/create.c +++ b/src/create.c @@ -647,7 +647,8 @@ CreateColors( while (def_index <= 5 && defaults[def_index] == NULL) ++def_index; } - if (def_index >= 2 && defaults[def_index] != NULL && + if (def_index >= 2 && def_index <= 5 && + defaults[def_index] != NULL && !xpmstrcasecmp(symbol->value, defaults[def_index])) break; } -- 2.10.2 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel