[Midnightbsd-cvs] [MidnightBSD/mports] 391bf6: x11/libXpm: 3.5.19
Lucas Holt
noreply at github.com
Tue Apr 21 15:37:44 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/mports
Commit: 391bf69ba82d8d695ea75ad7ab0ba469e72310e5
https://github.com/MidnightBSD/mports/commit/391bf69ba82d8d695ea75ad7ab0ba469e72310e5
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-21 (Tue, 21 Apr 2026)
Changed paths:
M x11/libXpm/Makefile
M x11/libXpm/distinfo
Log Message:
-----------
x11/libXpm: 3.5.19
* CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord()
libXpm uses a number of internal helper functions to parse the XPM file
format.
One of these internal functions, xpmNextString(), checks for the NULL
terminator when looking for the end of the current string but not when
looking for the beginning of the next string.
A small XPM file with a malformed color table definition may cause the
function xpmNextWord(), called from xpmParseColors() following a call
to xpmNextString(), to start past the actual end of the file, causing
an out-of-bound read.
Introduced in: Unknown, prior to 3.5.5 (from Xorg 7.1)
Fixed in: libXpm-3.5.19
Fix: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd
Found by: Naoki Wakamatsu
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/mports/settings/notifications
More information about the Midnightbsd-cvs
mailing list