Vulnerability Name:

CVE-2004-0914 (CCN-18142)

Assigned:2004-09-15
Published:2004-09-15
Updated:2017-10-11
Summary:Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0914

Source: CCN
Type: RHSA-2004-537
openmotif security update

Source: REDHAT
Type: UNKNOWN
RHSA-2004:537

Source: CCN
Type: RHSA-2004-610
XFree86 security update

Source: CCN
Type: RHSA-2004-612
XFree86 security update

Source: CCN
Type: RHSA-2005-004
lesstif security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: SA13224
X11 libXpm Multiple Image Processing Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
13224

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-607

Source: DEBIAN
Type: DSA-607
xfree86 -- several vulnerabilities

Source: CCN
Type: GLSA-200411-28
X.Org, XFree86: libXpm vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200411-28

Source: CCN
Type: GLSA-200502-06
LessTif: Multiple vulnerabilities in libXpm

Source: GENTOO
Type: UNKNOWN
GLSA-200502-06

Source: CCN
Type: GLSA-200502-07
OpenMotif: Multiple vulnerabilities in libXpm

Source: GENTOO
Type: UNKNOWN
GLSA-200502-07

Source: CCN
Type: Fedora Update Notification FEDORA-2004-433
xorg-x11-6.7.0-10 update

Source: FEDORA
Type: UNKNOWN
FEDORA-2004-433

Source: CCN
Type: Fedora Update Notification FEDORA-2004-434
xorg-x11-6.8.1-12.FC3.1 update

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:137

Source: FEDORA
Type: UNKNOWN
FLSA-2006:152803

Source: REDHAT
Type: UNKNOWN
RHSA-2004:610

Source: REDHAT
Type: UNKNOWN
RHSA-2005:004

Source: BID
Type: Patch, Vendor Advisory
11694

Source: CCN
Type: BID-11694
LibXPM Multiple Unspecified Vulnerabilities

Source: CCN
Type: BID-11837
IMLib Multiple Remote Integer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-5
Multiple vulnerabilities in libXpm

Source: CCN
Type: USN-83-1
LessTif 2 vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-83-1

Source: CCN
Type: USN-83-2
LessTif 1 vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-83-2

Source: CONFIRM
Type: UNKNOWN
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch

Source: HP
Type: UNKNOWN
HPSBTU01228

Source: CCN
Type: X.Org Foundation Web site
X.Org

Source: XF
Type: UNKNOWN
libxpm-image-bo(18142)

Source: XF
Type: UNKNOWN
libxpm-improper-memory-access(18144)

Source: XF
Type: UNKNOWN
libxpm-command-execution(18145)

Source: XF
Type: UNKNOWN
libxpm-directory-traversal(18146)

Source: XF
Type: UNKNOWN
libxpm-dos(18147)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9943

Vulnerable Configuration:Configuration 1:
  • cpe:/a:lesstif:lesstif:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
  • OR cpe:/a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*
  • OR cpe:/a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:x.org:x11r6:6.8:*:*:*:*:*:*:*
  • OR cpe:/a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
  • OR cpe:/a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0914 (CCN-18144)

    Assigned:2004-09-15
    Published:2004-09-15
    Updated:2004-11-17
    Summary:Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
    Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0914

    Source: CCN
    Type: RHSA-2004-537
    openmotif security update

    Source: CCN
    Type: RHSA-2004-610
    XFree86 security update

    Source: CCN
    Type: RHSA-2004-612
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-004
    lesstif security update

    Source: CCN
    Type: RHSA-2008-0524
    Low: Red Hat Network Satellite Server security update

    Source: CCN
    Type: SA13224
    X11 libXpm Multiple Image Processing Vulnerabilities

    Source: DEBIAN
    Type: DSA-607
    xfree86 -- several vulnerabilities

    Source: CCN
    Type: GLSA-200411-28
    X.Org, XFree86: libXpm vulnerabilities

    Source: CCN
    Type: GLSA-200502-06
    LessTif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: GLSA-200502-07
    OpenMotif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-433
    xorg-x11-6.7.0-10 update

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-434
    xorg-x11-6.8.1-12.FC3.1 update

    Source: CCN
    Type: BID-11694
    LibXPM Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: TLSA-2005-5
    Multiple vulnerabilities in libXpm

    Source: CCN
    Type: USN-83-1
    LessTif 2 vulnerabilities

    Source: CCN
    Type: USN-83-2
    LessTif 1 vulnerabilities

    Source: CCN
    Type: X.Org Foundation Web site
    X.Org

    Source: XF
    Type: UNKNOWN
    libxpm-improper-memory-access(18144)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0914 (CCN-18145)

    Assigned:2004-09-15
    Published:2004-09-15
    Updated:2004-11-17
    Summary:Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
    Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0914

    Source: CCN
    Type: RHSA-2004-537
    openmotif security update

    Source: CCN
    Type: RHSA-2004-610
    XFree86 security update

    Source: CCN
    Type: RHSA-2004-612
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-004
    lesstif security update

    Source: CCN
    Type: RHSA-2008-0524
    Low: Red Hat Network Satellite Server security update

    Source: CCN
    Type: SA13224
    X11 libXpm Multiple Image Processing Vulnerabilities

    Source: DEBIAN
    Type: DSA-607
    xfree86 -- several vulnerabilities

    Source: CCN
    Type: GLSA-200411-28
    X.Org, XFree86: libXpm vulnerabilities

    Source: CCN
    Type: GLSA-200502-06
    LessTif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: GLSA-200502-07
    OpenMotif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-433
    xorg-x11-6.7.0-10 update

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-434
    xorg-x11-6.8.1-12.FC3.1 update

    Source: CCN
    Type: BID-11694
    LibXPM Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: TLSA-2005-5
    Multiple vulnerabilities in libXpm

    Source: CCN
    Type: USN-83-1
    LessTif 2 vulnerabilities

    Source: CCN
    Type: USN-83-2
    LessTif 1 vulnerabilities

    Source: CCN
    Type: X.Org Foundation Web site
    X.Org

    Source: XF
    Type: UNKNOWN
    libxpm-command-execution(18145)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0914 (CCN-18146)

    Assigned:2004-09-15
    Published:2004-09-15
    Updated:2004-11-17
    Summary:Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
    Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    Vulnerability Consequences:Obtain Information
    References:Source: MITRE
    Type: CNA
    CVE-2004-0914

    Source: CCN
    Type: RHSA-2004-537
    openmotif security update

    Source: CCN
    Type: RHSA-2004-610
    XFree86 security update

    Source: CCN
    Type: RHSA-2004-612
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-004
    lesstif security update

    Source: CCN
    Type: RHSA-2008-0524
    Low: Red Hat Network Satellite Server security update

    Source: CCN
    Type: SA13224
    X11 libXpm Multiple Image Processing Vulnerabilities

    Source: DEBIAN
    Type: DSA-607
    xfree86 -- several vulnerabilities

    Source: CCN
    Type: GLSA-200411-28
    X.Org, XFree86: libXpm vulnerabilities

    Source: CCN
    Type: GLSA-200502-06
    LessTif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: GLSA-200502-07
    OpenMotif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-433
    xorg-x11-6.7.0-10 update

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-434
    xorg-x11-6.8.1-12.FC3.1 update

    Source: CCN
    Type: BID-11694
    LibXPM Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: TLSA-2005-5
    Multiple vulnerabilities in libXpm

    Source: CCN
    Type: USN-83-1
    LessTif 2 vulnerabilities

    Source: CCN
    Type: USN-83-2
    LessTif 1 vulnerabilities

    Source: CCN
    Type: X.Org Foundation Web site
    X.Org

    Source: XF
    Type: UNKNOWN
    libxpm-directory-traversal(18146)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0914 (CCN-18147)

    Assigned:2004-09-15
    Published:2004-09-15
    Updated:2017-10-11
    Summary:Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
    Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0914

    Source: CCN
    Type: RHSA-2004-537
    openmotif security update

    Source: CCN
    Type: RHSA-2004-610
    XFree86 security update

    Source: CCN
    Type: RHSA-2004-612
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-004
    lesstif security update

    Source: CCN
    Type: RHSA-2008-0524
    Low: Red Hat Network Satellite Server security update

    Source: CCN
    Type: SA13224
    X11 libXpm Multiple Image Processing Vulnerabilities

    Source: DEBIAN
    Type: DSA-607
    xfree86 -- several vulnerabilities

    Source: CCN
    Type: GLSA-200411-28
    X.Org, XFree86: libXpm vulnerabilities

    Source: CCN
    Type: GLSA-200502-06
    LessTif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: GLSA-200502-07
    OpenMotif: Multiple vulnerabilities in libXpm

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-433
    xorg-x11-6.7.0-10 update

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-434
    xorg-x11-6.8.1-12.FC3.1 update

    Source: CCN
    Type: BID-11694
    LibXPM Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: TLSA-2005-5
    Multiple vulnerabilities in libXpm

    Source: CCN
    Type: USN-83-1
    LessTif 2 vulnerabilities

    Source: CCN
    Type: USN-83-2
    LessTif 1 vulnerabilities

    Source: CCN
    Type: X.Org Foundation Web site
    X.Org

    Source: XF
    Type: UNKNOWN
    libxpm-dos(18147)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0914 (CCN-19610)

    Assigned:2004-09-15
    Published:2004-09-15
    Updated:2005-03-04
    Summary:Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.
    Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0914

    Source: MITRE
    Type: CNA
    CVE-2005-0605

    Source: CCN
    Type: RHSA-2004-537
    openmotif security update

    Source: CCN
    Type: RHSA-2004-610
    XFree86 security update

    Source: CCN
    Type: RHSA-2004-612
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-004
    lesstif security update

    Source: CCN
    Type: RHSA-2005-044
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-198
    xorg-x11 security update

    Source: CCN
    Type: RHSA-2005-331
    XFree86 security update

    Source: CCN
    Type: RHSA-2005-412
    openmotif security update

    Source: CCN
    Type: RHSA-2005-473
    lesstif security update

    Source: CCN
    Type: RHSA-2008-0261
    Moderate: Red Hat Network Satellite Server security update

    Source: CCN
    Type: RHSA-2008-0524
    Low: Red Hat Network Satellite Server security update

    Source: CCN
    Type: SA13224
    X11 libXpm Multiple Image Processing Vulnerabilities

    Source: CCN
    Type: SA14460
    X11 libXpm XPM Image Buffer Overflow Vulnerability

    Source: CCN
    Type: SA19624
    SGI ProPack XFree86 Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1013339
    LibXpm Integer Overflow in `lib/scan.c` May Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: ASA-2006-036
    Xloadimage NIFF Image and LibXPM Vulnerabilities (SCOSA-2005.56 SCOSA-2005.57)

    Source: CCN
    Type: CIAC INFORMATION BULLETIN P-165
    libXpm Integer Overflow Flaw

    Source: CCN
    Type: CIAC INFORMATION BULLETIN P-171
    SGI Advanced Linux Environment 3 Security Update #33

    Source: CCN
    Type: CIAC Information Bulletin P-276
    Apple Security Update 2005-007

    Source: DEBIAN
    Type: DSA-607
    xfree86 -- several vulnerabilities

    Source: DEBIAN
    Type: DSA-723
    xfree86 -- buffer overflow

    Source: CCN
    Type: GLSA-200503-08
    OpenMotif, LessTif: New libXpm buffer overflows

    Source: CCN
    Type: GLSA-200503-15
    X.org: libXpm vulnerability

    Source: CCN
    Type: LessTif Web site
    LessTif Home Page

    Source: CCN
    Type: Fedora Update Notification
    Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13

    Source: CCN
    Type: Fedora Update Notification FEDORA-2005-272
    Fedora Core 2 Update: xorg-x11-6.7.0-14

    Source: CCN
    Type: BID-11694
    LibXPM Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: BID-12714
    libXPM Bitmap_unit Integer Overflow Vulnerability

    Source: CCN
    Type: BID-14567
    Apple Mac OS X Multiple Vulnerabilities

    Source: CCN
    Type: TLSA-2005-5
    Multiple vulnerabilities in libXpm

    Source: CCN
    Type: USN-83-1
    LessTif 2 vulnerabilities

    Source: CCN
    Type: USN-83-2
    LessTif 1 vulnerabilities

    Source: CCN
    Type: USN-92-1
    LessTif vulnerabilities

    Source: CCN
    Type: USN-97-1
    libxpm vulnerability

    Source: XF
    Type: UNKNOWN
    lesstif-xpm-image-bo(19610)

    Source: SUSE
    Type: SUSE-SR:2005:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:9943 | V | Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. | 2013-04-29
    oval:com.redhat.rhsa:def:20040612 | P | RHSA-2004:612: XFree86 security update (Moderate) | 2004-12-20
    oval:org.debian:def:607 | V | several vulnerabilities | 2004-12-10
    oval:com.redhat.rhsa:def:20040537 | P | RHSA-2004:537: openmotif security update (Important) | 2004-12-02
    lesstif lesstif 0.93
    lesstif lesstif 0.93.12
    lesstif lesstif 0.93.18
    lesstif lesstif 0.93.34
    lesstif lesstif 0.93.36
    lesstif lesstif 0.93.40
    lesstif lesstif 0.93.91
    lesstif lesstif 0.93.94
    lesstif lesstif 0.93.96
    x.org x11r6 6.7.0
    x.org x11r6 6.8
    x.org x11r6 6.8.1
    xfree86_project x11r6 3.3
    xfree86_project x11r6 3.3.2
    xfree86_project x11r6 3.3.3
    xfree86_project x11r6 3.3.4
    xfree86_project x11r6 3.3.5
    xfree86_project x11r6 3.3.6
    xfree86_project x11r6 4.0
    xfree86_project x11r6 4.0.1
    xfree86_project x11r6 4.0.2.11
    xfree86_project x11r6 4.0.3
    xfree86_project x11r6 4.1.0
    xfree86_project x11r6 4.1.11
    xfree86_project x11r6 4.1.12
    xfree86_project x11r6 4.2.0
    xfree86_project x11r6 4.2.1
    xfree86_project x11r6 4.2.1
    xfree86_project x11r6 4.3.0
    gentoo linux *
    redhat fedora core core_2.0
    redhat fedora core core_3.0
    suse suse linux 1.0
    suse suse linux 8
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.2