Contributed by grey on from the I don't have anything witty to say at the moment dept.
Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
As always, be sure to check http://www.openbsd.org/errata.html for additional information regarding security and reliability fixes.
(Comments are closed)
By Anonymous Coward (64.122.103.201) on
Is anyone auditing other pictures libraries, i.e. gif, jpeg, tiff or even any kind of streaming library, mp3, mpeg that could produce similar results... atm?
This seems to be an interesting vulnerability that bypasses propolice.
Comments
By Leon Yendor (218.214.194.113) on
Comments
By Anonymous Coward (192.195.135.35) on
Comments
By Anonymous Coward (203.217.30.86) on
By Anonymous Coward (24.46.36.183) on
Comments
By Anonymous Coward (195.217.242.33) on
By looking at it and fetching the images, you basically let them know that your account is live.
Alternatively it might be just a way of by-passing your spam filters.
By Anonymous Coward (64.122.103.201) on