gtk+ version 2.4.4 has heap and stack-based overflows that can allow for the compromise of an account used to browse a malicious XPM file.
109cfb0bda1034d53ac5db82dc78234e1d4ebcc321a14ba9479ce9f09f61a3f0
libXpm versions below 6.8.1 suffer from multiple stack and integer overflows.
fbd8d4486d62e535a9c1f5d140133d5544c6c2766a0a06ffdf2218a3d4d8b4d9