| Vulnerability Name: | CVE-2004-0783 (CCN-17414) | ||||||||||||||||||||||||||||
| Assigned: | 2004-09-15 | ||||||||||||||||||||||||||||
| Published: | 2004-09-15 | ||||||||||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||||||||||
| Summary: | Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. Note: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon May 22 2006 - 08:38:14 CDT [security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS) Source: MITRE Type: CNA CVE-2004-0687 Source: MITRE Type: CNA CVE-2004-0783 Source: CONECTIVA Type: UNKNOWN CLA-2004:875 Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBUX02119 SSRT4848 HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS) Source: BUGTRAQ Type: UNKNOWN 20040915 CESA-2004-005: gtk+ XPM decoder Source: CCN Type: RHSA-2004-447 gdk-pixbuf security update Source: CCN Type: RHSA-2004-466 gtk2 security update Source: CCN Type: RHSA-2004-478 XFree86 security update Source: CCN Type: RHSA-2004-479 XFree86 security update Source: CCN Type: RHSA-2004-537 openmotif security update Source: CCN Type: RHSA-2005-004 lesstif security update Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update Source: CCN Type: Scary Beasts Security Advisory CESA-2004-003 libXpm multiple image parsing flaws Source: MISC Type: UNKNOWN http://scary.beasts.org/security/CESA-2004-005.txt Source: SECUNIA Type: UNKNOWN 17657 Source: CCN Type: SA20235 HP-UX Motif Applications libXpm Image Decoding Vulnerabilities Source: SUNALERT Type: UNKNOWN 101776 Source: CCN Type: Sun Alert ID: 57652 Security Vulnerabilities in libXpm May Allow a Remote Unpriviledged User to Execute Arbitrary Code Source: CCN Type: Sun Alert ID: 57653 libXpm Security Vulnerabilities Affect the Motif Library (libXm) Source: CCN Type: Sun Alert ID: 57701 Multiple Security Vulnerabilities in Mozilla Source: CCN Type: CIAC Information Bulletin 0-216 "gtk2" Package Vulnerability Source: CCN Type: CIAC Information Bulletin 0-217 "gdk-pixbuf" Package vulnerability Source: CCN Type: CIAC Information Bulletin 0-222 libXpm Library Contains Multiple Integer Overflow Vulnerabilities Source: CCN Type: CIAC Information Bulletin P-001 Red Hat Updated XFree86 Packages fix Security Issues Source: CCN Type: CIAC Information Bulletin P-052 Updated imlib Packages Fix Security Vulnerabilities Source: CCN Type: CIAC Information Bulletin P-069 Sun - Multiple Mozilla Vulnerabilities Source: CCN Type: CIAC INFORMATION BULLETIN P-200 Apple Security Update 2005-005 Source: DEBIAN Type: DSA-549 gtk+ -- several vulnerabilities Source: DEBIAN Type: DSA-560 lesstif1-1 -- integer and stack overflows Source: DEBIAN Type: DSA-561 xfree86 -- integer and stack overflows Source: CCN Type: GLSA-200409-28 GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities Source: CCN Type: GLSA-200409-34 X.org, XFree86: Integer and stack overflows in libXpm Source: CCN Type: GLSA-200410-09 LessTif: Integer and stack overflows in libXpm Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm Source: CCN Type: US-CERT VU#369358 GdkPixbuf XPM parser contains a stack overflow vulnerability Source: CERT-VN Type: US Government Resource VU#369358 Source: CCN Type: US-CERT VU#882750 libXpm image library vulnerable to buffer overflow Source: MANDRAKE Type: UNKNOWN MDKSA-2004:095 Source: MANDRAKE Type: UNKNOWN MDKSA-2004:096 Source: MANDRIVA Type: UNKNOWN MDKSA-2005:214 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:447 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:466 Source: FEDORA Type: UNKNOWN FLSA-2005:155510 Source: BID Type: UNKNOWN 11195 Source: CCN Type: BID-11195 GDK-Pixbuf Multiple Vulnerabilities Source: CCN Type: BID-11196 libXpm Image Decoding Multiple Remote Buffer Overflow Vulnerabilities Source: CCN Type: BID-11830 IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabilities Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm Source: CCN Type: USN-27-1 libxpm4 vulnerability Source: CCN Type: X.org Web site X.org Source: FEDORA Type: UNKNOWN FLSA:2005 Source: XF Type: UNKNOWN gtk-xpm-xpmextractcolor-bo(17385) Source: XF Type: UNKNOWN libxpm-multiple-stack-bo(17414) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1786 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9348 Source: SUSE Type: SUSE-SA:2004:032 apache2: remote denial-of-service Source: SUSE Type: SUSE-SA:2004:033 gtk2 gdk-pixbuf: remote code execution Source: SUSE Type: SUSE-SA:2004:034 XFree86-libs xshared: remote command execution | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||