{"id":"MGASA-2023-0292","summary":"Updated libxpm packages fix security vulnerabilities","details":"A vulnerability was found in libXpm due to a boundary condition within\nthe XpmCreateXpmImageFromBuffer() function. This flaw allows a local to\ntrigger an out-of-bounds read error and read the contents of memory on\nthe system. (CVE-2023-43788)\n\nOut of bounds read on XPM with corrupted colormap. (CVE-2023-43789)\n","modified":"2026-02-04T02:45:39.170552Z","published":"2023-10-20T08:34:20Z","related":["CVE-2023-43788","CVE-2023-43789"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0292.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32359"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/10/03/1"}],"affected":[{"package":{"name":"libxpm","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libxpm?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.15-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0292.json"}},{"package":{"name":"libxpm","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libxpm?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.15-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0292.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}