| Description | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| NVD severity | high (attack range: remote) |
| Debian Bugs | 298183, 299236, 308819 |
The information below is based on the following data on fixed versions.
libxmp4 is the real culprit
- xorg-x11 <not-affected> (Fixed before upload into archive)
[sarge] - openmotif <no-dsa> (Non-free)