Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0687
Last Modified 07 Mar 2011 09:16:09
Published 20 Oct 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0687

Summary

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Vulnerable Systems

Operating System

  • OpenBSD 3.4

  • OpenBSD 3.5

  • SUSE Linux 8

  • SUSE Linux 8.1

  • SUSE Linux 8.2

  • SUSE Linux 9.0

  • SUSE Linux 9.1

Application

  • X.Org X11R6 6.7.0

  • X.Org X11R6 6.8

  • XFree86 Project X11R6 3.3.6

  • XFree86 Project X11R6 4.0

  • XFree86 Project X11R6 4.0.1

  • XFree86 Project X11R6 4.0.2.11

  • XFree86 Project X11R6 4.0.3

  • XFree86 Project X11R6 4.1.0

  • XFree86 Project X11R6 4.1.11

  • XFree86 Project X11R6 4.1.12

  • XFree86 Project X11R6 4.2.0

  • XFree86 Project X11R6 4.2.1

  • XFree86 Project X11R6 4.3.0


References

CERT-VN - VU#882750

CERT - TA05-136A

BID - 11196

XF - libxpm-multiple-stack-bo(17414)

VUPEN - ADV-2006-1914

HP - HPSBUX02119

REDHAT - RHSA-2005:004

REDHAT - RHSA-2004:537

SUSE - SUSE-SA:2004:034

GENTOO - GLSA-200502-07

GENTOO - GLSA-200409-34

DEBIAN - DSA-560

MISC - http://scary.beasts.org/security/CESA-2004-003.txt

BUGTRAQ - 20040915 CESA-2004-004: libXpm

APPLE - APPLE-SA-2005-05-03

CONFIRM - http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

UBUNTU - USN-27-1

FEDORA - FLSA-2006:152803

MANDRAKE - MDKSA-2004:098

SUNALERT - 57653

SECUNIA - 20235

CONECTIVA - CLA-2005:924

HP - SSRT4848

Related Patches

HP-UX PHSS_44149 11.23 X/Motif Runtime Patch

HP-UX PHSS_44188 11.11 X/Motif Runtime Periodic Patch


Last Updated: 27 May 2016 11:02:28