Vulnerability Name:

CVE-2004-0688 (CCN-17416)

Assigned:2004-09-15
Published:2004-09-15
Updated:2018-10-19
Summary:Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon May 22 2006 - 08:38:14 CDT
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: MITRE
Type: CNA
CVE-2004-0688

Source: MITRE
Type: CNA
CVE-2004-0782

Source: MITRE
Type: CNA
CVE-2004-1026

Source: CONECTIVA
Type: UNKNOWN
CLA-2005:924

Source: CONFIRM
Type: UNKNOWN
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX02119 SSRT4848
HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-05-03

Source: BUGTRAQ
Type: UNKNOWN
20040915 CESA-2004-004: libXpm

Source: CCN
Type: RHSA-2004-447
gdk-pixbuf security update

Source: CCN
Type: RHSA-2004-466
gtk2 security update

Source: CCN
Type: RHSA-2004-478
XFree86 security update

Source: CCN
Type: RHSA-2004-479
XFree86 security update

Source: CCN
Type: RHSA-2004-537
openmotif security update

Source: CCN
Type: RHSA-2004-651
imlib security update

Source: CCN
Type: RHSA-2005-004
lesstif security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: Scary Beasts Security Advisory CESA-2004-003
libXpm multiple image parsing flaws

Source: MISC
Type: UNKNOWN
http://scary.beasts.org/security/CESA-2004-003.txt

Source: CCN
Type: SA20235
HP-UX Motif Applications libXpm Image Decoding Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
20235

Source: SUNALERT
Type: UNKNOWN
57653

Source: CCN
Type: Sun Alert ID: 57653
libXpm Security Vulnerabilities Affect the Motif Library (libXm)

Source: CCN
Type: CIAC Information Bulletin 0-216
"gtk2" Package Vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-217
"gdk-pixbuf" Package vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-222
libXpm Library Contains Multiple Integer Overflow Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin P-001
Red Hat Updated XFree86 Packages fix Security Issues

Source: CCN
Type: CIAC Information Bulletin P-052
Updated imlib Packages Fix Security Vulnerabilities

Source: CCN
Type: CIAC INFORMATION BULLETIN P-200
Apple Security Update 2005-005

Source: DEBIAN
Type: UNKNOWN
DSA-560

Source: DEBIAN
Type: DSA-546
gdk-pixbuf -- several vulnerabilities

Source: DEBIAN
Type: DSA-549
gtk+ -- several vulnerabilities

Source: DEBIAN
Type: DSA-560
lesstif1-1 -- integer and stack overflows

Source: DEBIAN
Type: DSA-561
xfree86 -- integer and stack overflows

Source: DEBIAN
Type: DSA-618
imlib -- buffer overflows

Source: DEBIAN
Type: DSA-628
imlib2 -- integer overflows

Source: CCN
Type: GLSA-200409-28
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

Source: CCN
Type: GLSA-200409-34
X.org, XFree86: Integer and stack overflows in libXpm

Source: GENTOO
Type: UNKNOWN
GLSA-200409-34

Source: CCN
Type: GLSA-200410-09
LessTif: Integer and stack overflows in libXpm

Source: CCN
Type: GLSA-200412-03
imlib: Buffer overflows in image decoding

Source: CCN
Type: GLSA-200501-19
imlib2: Buffer overflows in image decoding

Source: CCN
Type: GLSA-200502-07
OpenMotif: Multiple vulnerabilities in libXpm

Source: GENTOO
Type: UNKNOWN
GLSA-200502-07

Source: CCN
Type: US-CERT VU#537878
libXpm library contains multiple integer overflow vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#537878

Source: CCN
Type: US-CERT VU#729894
GdkPixbuf XPM parser contains a heap overflow vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:098

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:034

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152803

Source: REDHAT
Type: UNKNOWN
RHSA-2004:537

Source: REDHAT
Type: UNKNOWN
RHSA-2005:004

Source: HP
Type: UNKNOWN
HPSBUX02119

Source: CCN
Type: BID-11195
GDK-Pixbuf Multiple Vulnerabilities

Source: BID
Type: Patch, Vendor Advisory
11196

Source: CCN
Type: BID-11196
libXpm Image Decoding Multiple Remote Buffer Overflow Vulnerabilities

Source: CCN
Type: BID-11830
IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-5
Multiple vulnerabilities in libXpm

Source: CCN
Type: TLSA-2005-6
Two vulnerabilities discovered in imlib

Source: CCN
Type: USN-27-1
libxpm4 vulnerability

Source: CCN
Type: USN-53-1
imlib vulnerabilities

Source: CCN
Type: USN-55-1
imlib2 vulnerabilities

Source: CERT
Type: US Government Resource
TA05-136A

Source: VUPEN
Type: UNKNOWN
ADV-2006-1914

Source: CCN
Type: X.org Web site
X.org

Source: XF
Type: UNKNOWN
libxpm-xpm-overflow(17416)

Source: XF
Type: UNKNOWN
libxpm-xpmfile-integer-overflow(17416)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11796

Source: UBUNTU
Type: UNKNOWN
USN-27-1

Source: SUSE
Type: SUSE-SA:2004:032
apache2: remote denial-of-service

Source: SUSE
Type: SUSE-SA:2004:033
gtk2 gdk-pixbuf: remote code execution

Source: SUSE
Type: SUSE-SA:2004:034
XFree86-libs xshared: remote command execution

Source: SUSE
Type: SUSE-SR:2004:003
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:x.org:x11r6:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040688
    V
    CVE-2004-0688
    2017-09-27
    oval:org.mitre.oval:def:11796
    V
    Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
    2013-04-29
    oval:com.redhat.rhsa:def:20040537
    P
    RHSA-2004:537: openmotif security update (Important)
    2004-12-02
    oval:org.debian:def:561
    V
    integer and stack overflows
    2004-10-11
    oval:org.debian:def:560
    V
    integer and stack overflows
    2004-10-07
    oval:com.redhat.rhsa:def:20040478
    P
    RHSA-2004:478: XFree86 security update (Moderate)
    2004-10-04
    BACK
    x.org x11r6 6.7.0
    x.org x11r6 6.8
    xfree86_project x11r6 3.3.6
    xfree86_project x11r6 4.0
    xfree86_project x11r6 4.0.1
    xfree86_project x11r6 4.0.2.11
    xfree86_project x11r6 4.0.3
    xfree86_project x11r6 4.1.0
    xfree86_project x11r6 4.1.11
    xfree86_project x11r6 4.1.12
    xfree86_project x11r6 4.2.0
    xfree86_project x11r6 4.2.1
    xfree86_project x11r6 4.2.1
    xfree86_project x11r6 4.3.0
    openbsd openbsd 3.4
    openbsd openbsd 3.5
    suse suse linux 8
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1