Vulnerability Name:

CVE-2004-0783 (CCN-17414)

Assigned:2004-09-15
Published:2004-09-15
Updated:2018-10-19
Summary:Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string.
Note: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon May 22 2006 - 08:38:14 CDT
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: MITRE
Type: CNA
CVE-2004-0687

Source: MITRE
Type: CNA
CVE-2004-0783

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:875

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX02119 SSRT4848
HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: BUGTRAQ
Type: UNKNOWN
20040915 CESA-2004-005: gtk+ XPM decoder

Source: CCN
Type: RHSA-2004-447
gdk-pixbuf security update

Source: CCN
Type: RHSA-2004-466
gtk2 security update

Source: CCN
Type: RHSA-2004-478
XFree86 security update

Source: CCN
Type: RHSA-2004-479
XFree86 security update

Source: CCN
Type: RHSA-2004-537
openmotif security update

Source: CCN
Type: RHSA-2005-004
lesstif security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: Scary Beasts Security Advisory CESA-2004-003
libXpm multiple image parsing flaws

Source: MISC
Type: UNKNOWN
http://scary.beasts.org/security/CESA-2004-005.txt

Source: SECUNIA
Type: UNKNOWN
17657

Source: CCN
Type: SA20235
HP-UX Motif Applications libXpm Image Decoding Vulnerabilities

Source: SUNALERT
Type: UNKNOWN
101776

Source: CCN
Type: Sun Alert ID: 57652
Security Vulnerabilities in libXpm May Allow a Remote Unpriviledged User to Execute Arbitrary Code

Source: CCN
Type: Sun Alert ID: 57653
libXpm Security Vulnerabilities Affect the Motif Library (libXm)

Source: CCN
Type: Sun Alert ID: 57701
Multiple Security Vulnerabilities in Mozilla

Source: CCN
Type: CIAC Information Bulletin 0-216
"gtk2" Package Vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-217
"gdk-pixbuf" Package vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-222
libXpm Library Contains Multiple Integer Overflow Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin P-001
Red Hat Updated XFree86 Packages fix Security Issues

Source: CCN
Type: CIAC Information Bulletin P-052
Updated imlib Packages Fix Security Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin P-069
Sun - Multiple Mozilla Vulnerabilities

Source: CCN
Type: CIAC INFORMATION BULLETIN P-200
Apple Security Update 2005-005

Source: DEBIAN
Type: DSA-549
gtk+ -- several vulnerabilities

Source: DEBIAN
Type: DSA-560
lesstif1-1 -- integer and stack overflows

Source: DEBIAN
Type: DSA-561
xfree86 -- integer and stack overflows

Source: CCN
Type: GLSA-200409-28
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

Source: CCN
Type: GLSA-200409-34
X.org, XFree86: Integer and stack overflows in libXpm

Source: CCN
Type: GLSA-200410-09
LessTif: Integer and stack overflows in libXpm

Source: CCN
Type: GLSA-200502-07
OpenMotif: Multiple vulnerabilities in libXpm

Source: CCN
Type: US-CERT VU#369358
GdkPixbuf XPM parser contains a stack overflow vulnerability

Source: CERT-VN
Type: US Government Resource
VU#369358

Source: CCN
Type: US-CERT VU#882750
libXpm image library vulnerable to buffer overflow

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:095

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:096

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:214

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:447

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:466

Source: FEDORA
Type: UNKNOWN
FLSA-2005:155510

Source: BID
Type: UNKNOWN
11195

Source: CCN
Type: BID-11195
GDK-Pixbuf Multiple Vulnerabilities

Source: CCN
Type: BID-11196
libXpm Image Decoding Multiple Remote Buffer Overflow Vulnerabilities

Source: CCN
Type: BID-11830
IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-5
Multiple vulnerabilities in libXpm

Source: CCN
Type: USN-27-1
libxpm4 vulnerability

Source: CCN
Type: X.org Web site
X.org

Source: FEDORA
Type: UNKNOWN
FLSA:2005

Source: XF
Type: UNKNOWN
gtk-xpm-xpmextractcolor-bo(17385)

Source: XF
Type: UNKNOWN
libxpm-multiple-stack-bo(17414)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1786

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9348

Source: SUSE
Type: SUSE-SA:2004:032
apache2: remote denial-of-service

Source: SUSE
Type: SUSE-SA:2004:033
gtk2 gdk-pixbuf: remote code execution

Source: SUSE
Type: SUSE-SA:2004:034
XFree86-libs xshared: remote command execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnome:gdkpixbuf:0.17:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdkpixbuf:0.18:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdkpixbuf:0.20:*:*:*:*:*:*:*
  • OR cpe:/a:gnome:gdkpixbuf:0.22:*:*:*:*:*:*:*
  • OR cpe:/a:gtk:gtk+:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:gtk:gtk+:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:gtk:gtk+:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gtk:gtk+:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gtk:gtk+:2.2.4:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040783
    V
    CVE-2004-0783
    2017-09-27
    oval:org.mitre.oval:def:9348
    V
    Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
    2013-04-29
    oval:org.mitre.oval:def:1786
    V
    XPM Image Decoder Malicious Color String Vulnerability
    2011-05-09
    oval:org.debian:def:549
    V
    several vulnerabilities
    2004-09-17
    oval:com.redhat.rhsa:def:20040447
    P
    RHSA-2004:447: gdk-pixbuf security update (Important)
    2004-09-15
    oval:com.redhat.rhsa:def:20040466
    P
    RHSA-2004:466: gtk2 security update (Important)
    2004-09-15
    BACK
    gnome gdkpixbuf 0.17
    gnome gdkpixbuf 0.18
    gnome gdkpixbuf 0.20
    gnome gdkpixbuf 0.22
    gtk gtk+ 2.0.2
    gtk gtk+ 2.0.6
    gtk gtk+ 2.2.1
    gtk gtk+ 2.2.3
    gtk gtk+ 2.2.4