xloadimage Buffer Overflow Vulnerability

xloadimage is a utility used for displaying images of varying formats on X11 servers.

xloadimage and possibly derivatives such as 'xli' contain a buffer overflow vulnerability in the handling of the 'Faces Project' image type.

It is possible for remote attackers to create a file that will exploit this overflow to execute arbitrary code. An optional netscape plugin shipped with Red Hat powertools invokes xloadimage to load certain image types. If this plugin is in use, this vulnerability may be remotely exploitable if an attacker places the exploit-file on a webserver.

S.uS.E. Linux also ships with plugger, which invokes a derivative of xloadimage called 'xli'. 'xli' is also vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus