CVE-2016-10164 in libXpm

Summary

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

Reservation

01/25/2017

Disclosure

02/01/2017

Entries

1: VDB-96084

CPE

ready

CVSS

8.5

EPSS

0.03739

Activities

Very Low
