Chris Gilbert

**Name of the Vulnerable Software and Affected Versions** LibXPM (affected versions not specified) lesstif versions 0.93.15 lesstif-devel versions 0.93.15 **Description** The issue allows attackers to execute arbitrary code via a buffer overflow caused by a negative bitmap unit value in scan.c for LibXPM. For lesstif and lesstif-devel packages in Red Hat Enterprise Linux, exploitation can lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely. **Recommendations** For LibXPM, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For lesstif version 0.93.15, update to a version that fixes the vulnerability. For lesstif-devel version 0.93.15, update to a version that fixes the vulnerability.