Contributed by grey from the I don't have anything witty to say at the moment dept.
Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.
As always, be sure to check http://www.openbsd.org/errata.html for additional information regarding security and reliability fixes.