Vulnerability Name: | CVE-2004-0688 (CCN-17416)
Assigned: | 2004-09-15
Published: | 2004-09-15
Updated: | 2018-10-19
Summary: | Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: BugTraq Mailing List, Mon May 22 2006 - 08:38:14 CDT [security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)
Source: MITRE Type: CNA CVE-2004-0688
Source: MITRE Type: CNA CVE-2004-0782
Source: MITRE Type: CNA CVE-2004-1026
Source: CONECTIVA Type: UNKNOWN CLA-2005:924
Source: CONFIRM Type: UNKNOWN http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBUX02119 SSRT4848 HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)
Source: APPLE Type: UNKNOWN APPLE-SA-2005-05-03
Source: BUGTRAQ Type: UNKNOWN 20040915 CESA-2004-004: libXpm
Source: CCN Type: RHSA-2004-447 gdk-pixbuf security update
Source: CCN Type: RHSA-2004-466 gtk2 security update
Source: CCN Type: RHSA-2004-478 XFree86 security update
Source: CCN Type: RHSA-2004-479 XFree86 security update
Source: CCN Type: RHSA-2004-537 openmotif security update
Source: CCN Type: RHSA-2004-651 imlib security update
Source: CCN Type: RHSA-2005-004 lesstif security update
Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
Source: CCN Type: Scary Beasts Security Advisory CESA-2004-003 libXpm multiple image parsing flaws
Source: MISC Type: UNKNOWN http://scary.beasts.org/security/CESA-2004-003.txt
Source: CCN Type: SA20235 HP-UX Motif Applications libXpm Image Decoding Vulnerabilities
Source: SECUNIA Type: UNKNOWN 20235
Source: SUNALERT Type: UNKNOWN 57653
Source: CCN Type: Sun Alert ID: 57653 libXpm Security Vulnerabilities Affect the Motif Library (libXm)
Source: CCN Type: CIAC Information Bulletin 0-216 "gtk2" Package Vulnerability
Source: CCN Type: CIAC Information Bulletin 0-217 "gdk-pixbuf" Package vulnerability
Source: CCN Type: CIAC Information Bulletin 0-222 libXpm Library Contains Multiple Integer Overflow Vulnerabilities
Source: CCN Type: CIAC Information Bulletin P-001 Red Hat Updated XFree86 Packages fix Security Issues
Source: CCN Type: CIAC Information Bulletin P-052 Updated imlib Packages Fix Security Vulnerabilities
Source: CCN Type: CIAC INFORMATION BULLETIN P-200 Apple Security Update 2005-005
Source: DEBIAN Type: UNKNOWN DSA-560
Source: DEBIAN Type: DSA-546 gdk-pixbuf -- several vulnerabilities
Source: DEBIAN Type: DSA-549 gtk+ -- several vulnerabilities
Source: DEBIAN Type: DSA-560 lesstif1-1 -- integer and stack overflows
Source: DEBIAN Type: DSA-561 xfree86 -- integer and stack overflows
Source: DEBIAN Type: DSA-618 imlib -- buffer overflows
Source: DEBIAN Type: DSA-628 imlib2 -- integer overflows
Source: CCN Type: GLSA-200409-28 GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
Source: CCN Type: GLSA-200409-34 X.org, XFree86: Integer and stack overflows in libXpm
Source: GENTOO Type: UNKNOWN GLSA-200409-34
Source: CCN Type: GLSA-200410-09 LessTif: Integer and stack overflows in libXpm
Source: CCN Type: GLSA-200412-03 imlib: Buffer overflows in image decoding
Source: CCN Type: GLSA-200501-19 imlib2: Buffer overflows in image decoding
Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm
Source: GENTOO Type: UNKNOWN GLSA-200502-07
Source: CCN Type: US-CERT VU#537878 libXpm library contains multiple integer overflow vulnerabilities
Source: CERT-VN Type: US Government Resource VU#537878
Source: CCN Type: US-CERT VU#729894 GdkPixbuf XPM parser contains a heap overflow vulnerability
Source: MANDRAKE Type: UNKNOWN MDKSA-2004:098
Source: SUSE Type: UNKNOWN SUSE-SA:2004:034
Source: FEDORA Type: UNKNOWN FLSA-2006:152803
Source: REDHAT Type: UNKNOWN RHSA-2004:537
Source: REDHAT Type: UNKNOWN RHSA-2005:004
Source: HP Type: UNKNOWN HPSBUX02119
Source: CCN Type: BID-11195 GDK-Pixbuf Multiple Vulnerabilities
Source: BID Type: Patch, Vendor Advisory 11196
Source: CCN Type: BID-11196 libXpm Image Decoding Multiple Remote Buffer Overflow Vulnerabilities
Source: CCN Type: BID-11830 IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabilities
Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
Source: CCN Type: TLSA-2005-6 Two vulnerabilities discovered in imlib
Source: CCN Type: USN-27-1 libxpm4 vulnerability
Source: CCN Type: USN-53-1 imlib vulnerabilities
Source: CCN Type: USN-55-1 imlib2 vulnerabilities
Source: CERT Type: US Government Resource TA05-136A
Source: VUPEN Type: UNKNOWN ADV-2006-1914
Source: CCN Type: X.org Web site X.org
Source: XF Type: UNKNOWN libxpm-xpm-overflow(17416)
Source: XF Type: UNKNOWN libxpm-xpmfile-integer-overflow(17416)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11796
Source: UBUNTU Type: UNKNOWN USN-27-1
Source: SUSE Type: SUSE-SA:2004:032 apache2: remote denial-of-service
Source: SUSE Type: SUSE-SA:2004:033 gtk2 gdk-pixbuf: remote code execution
Source: SUSE Type: SUSE-SA:2004:034 XFree86-libs xshared: remote command execution
Source: SUSE Type: SUSE-SR:2004:003 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: