Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0688

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0688
Last Modified 07 Mar 2011 09:16:10
Published 20 Oct 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0688

Summary

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Vulnerable Systems

Operating System

  • Openbsd 3.4

  • Openbsd 3.5

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

Application

  • X.org X11r6 6.7.0

  • X.org X11r6 6.8

  • Xfree86 Project X11r6 3.3.6

  • Xfree86 Project X11r6 4.0

  • Xfree86 Project X11r6 4.0.1

  • Xfree86 Project X11r6 4.0.2.11

  • Xfree86 Project X11r6 4.0.3

  • Xfree86 Project X11r6 4.1.0

  • Xfree86 Project X11r6 4.1.11

  • Xfree86 Project X11r6 4.1.12

  • Xfree86 Project X11r6 4.2.0

  • Xfree86 Project X11r6 4.2.1

  • Xfree86 Project X11r6 4.3.0


References

CERT-VN - VU#537878

CERT - TA05-136A

BID - 11196

XF - libxpm-xpmfile-integer-overflow(17416)

VUPEN - ADV-2006-1914

HP - SSRT4848

REDHAT - RHSA-2005:004

REDHAT - RHSA-2004:537

SUSE - SUSE-SA:2004:034

GENTOO - GLSA-200502-07

GENTOO - GLSA-200409-34

DEBIAN - DSA-560

MISC - http://scary.beasts.org/security/CESA-2004-003.txt

BUGTRAQ - 20040915 CESA-2004-004: libXpm

APPLE - APPLE-SA-2005-05-03

CONFIRM - http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

UBUNTU - USN-27-1

HP - HPSBUX02119

FEDORA - FLSA-2006:152803

MANDRAKE - MDKSA-2004:098

SUNALERT - 57653

SECUNIA - 20235

CONECTIVA - CLA-2005:924

Related Patches

HP-UX PHSS_44149 11.23 X/Motif Runtime Patch

HP-UX PHSS_44188 11.11 X/Motif Runtime Periodic Patch


Last Updated: 27 May 2016 10:38:43