View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-10164 severity important: SUSE including 97 source package names (beta1:libXpm4-3.5.11-5.1, drm-utils-2.4.74-1.el7, …), 232 product×package rows across 36 product lines (Container caasp/v4/nginx-ingress-controller, Image SLES12-SP5-Azure-SAP-BYOS, … (36 product lines)): Fixed 232.
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.