Vulnerability Name: CVE-2004-0914 (CCN-18142)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2017-10-11
Summary: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2004-0914
  Source: CCN Type: RHSA-2004-537 openmotif security update
  Source: REDHAT Type: UNKNOWN RHSA-2004:537
  Source: CCN Type: RHSA-2004-610 XFree86 security update
  Source: CCN Type: RHSA-2004-612 XFree86 security update
  Source: CCN Type: RHSA-2005-004 lesstif security update
  Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
  Source: CCN Type: SA13224 X11 libXpm Multiple Image Processing Vulnerabilities
  Source: SECUNIA Type: Vendor Advisory 13224
  Source: DEBIAN Type: Patch, Vendor Advisory DSA-607
  Source: DEBIAN Type: DSA-607 xfree86 -- several vulnerabilities
  Source: CCN Type: GLSA-200411-28 X.Org, XFree86: libXpm vulnerabilities
  Source: GENTOO Type: Patch, Vendor Advisory GLSA-200411-28
  Source: CCN Type: GLSA-200502-06 LessTif: Multiple vulnerabilities in libXpm
  Source: GENTOO Type: UNKNOWN GLSA-200502-06
  Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm
  Source: GENTOO Type: UNKNOWN GLSA-200502-07
  Source: CCN Type: Fedora Update Notification FEDORA-2004-433 xorg-x11-6.7.0-10 update
  Source: FEDORA Type: UNKNOWN FEDORA-2004-433
  Source: CCN Type: Fedora Update Notification FEDORA-2004-434 xorg-x11-6.8.1-12.FC3.1 update
  Source: MANDRAKE Type: UNKNOWN MDKSA-2004:137
  Source: FEDORA Type: UNKNOWN FLSA-2006:152803
  Source: REDHAT Type: UNKNOWN RHSA-2004:610
  Source: REDHAT Type: UNKNOWN RHSA-2005:004
  Source: BID Type: Patch, Vendor Advisory 11694
  Source: CCN Type: BID-11694 LibXPM Multiple Unspecified Vulnerabilities
  Source: CCN Type: BID-11837 IMLib Multiple Remote Integer Overflow Vulnerabilities
  Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
  Source: CCN Type: USN-83-1 LessTif 2 vulnerabilities
  Source: UBUNTU Type: UNKNOWN USN-83-1
  Source: CCN Type: USN-83-2 LessTif 1 vulnerabilities
  Source: UBUNTU Type: UNKNOWN USN-83-2
  Source: CONFIRM Type: UNKNOWN http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
  Source: HP Type: UNKNOWN HPSBTU01228
  Source: CCN Type: X.Org Foundation Web site X.Org
  Source: XF Type: UNKNOWN libxpm-image-bo(18142)
  Source: XF Type: UNKNOWN libxpm-improper-memory-access(18144)
  Source: XF Type: UNKNOWN libxpm-command-execution(18145)
  Source: XF Type: UNKNOWN libxpm-directory-traversal(18146)
  Source: XF Type: UNKNOWN libxpm-dos(18147)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9943
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2004-0914 (CCN-18144)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2004-11-17
Summary: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2004-0914
  Source: CCN Type: RHSA-2004-537 openmotif security update
  Source: CCN Type: RHSA-2004-610 XFree86 security update
  Source: CCN Type: RHSA-2004-612 XFree86 security update
  Source: CCN Type: RHSA-2005-004 lesstif security update
  Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
  Source: CCN Type: SA13224 X11 libXpm Multiple Image Processing Vulnerabilities
  Source: DEBIAN Type: DSA-607 xfree86 -- several vulnerabilities
  Source: CCN Type: GLSA-200411-28 X.Org, XFree86: libXpm vulnerabilities
  Source: CCN Type: GLSA-200502-06 LessTif: Multiple vulnerabilities in libXpm
  Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm
  Source: CCN Type: Fedora Update Notification FEDORA-2004-433 xorg-x11-6.7.0-10 update
  Source: CCN Type: Fedora Update Notification FEDORA-2004-434 xorg-x11-6.8.1-12.FC3.1 update
  Source: CCN Type: BID-11694 LibXPM Multiple Unspecified Vulnerabilities
  Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
  Source: CCN Type: USN-83-1 LessTif 2 vulnerabilities
  Source: CCN Type: USN-83-2 LessTif 1 vulnerabilities
  Source: CCN Type: X.Org Foundation Web site X.Org
  Source: XF Type: UNKNOWN libxpm-improper-memory-access(18144)
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2004-0914 (CCN-18145)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2004-11-17
Summary: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2004-0914
  Source: CCN Type: RHSA-2004-537 openmotif security update
  Source: CCN Type: RHSA-2004-610 XFree86 security update
  Source: CCN Type: RHSA-2004-612 XFree86 security update
  Source: CCN Type: RHSA-2005-004 lesstif security update
  Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
  Source: CCN Type: SA13224 X11 libXpm Multiple Image Processing Vulnerabilities
  Source: DEBIAN Type: DSA-607 xfree86 -- several vulnerabilities
  Source: CCN Type: GLSA-200411-28 X.Org, XFree86: libXpm vulnerabilities
  Source: CCN Type: GLSA-200502-06 LessTif: Multiple vulnerabilities in libXpm
  Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm
  Source: CCN Type: Fedora Update Notification FEDORA-2004-433 xorg-x11-6.7.0-10 update
  Source: CCN Type: Fedora Update Notification FEDORA-2004-434 xorg-x11-6.8.1-12.FC3.1 update
  Source: CCN Type: BID-11694 LibXPM Multiple Unspecified Vulnerabilities
  Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
  Source: CCN Type: USN-83-1 LessTif 2 vulnerabilities
  Source: CCN Type: USN-83-2 LessTif 1 vulnerabilities
  Source: CCN Type: X.Org Foundation Web site X.Org
  Source: XF Type: UNKNOWN libxpm-command-execution(18145)
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2004-0914 (CCN-18146)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2004-11-17
Summary: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2004-0914
  Source: CCN Type: RHSA-2004-537 openmotif security update
  Source: CCN Type: RHSA-2004-610 XFree86 security update
  Source: CCN Type: RHSA-2004-612 XFree86 security update
  Source: CCN Type: RHSA-2005-004 lesstif security update
  Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
  Source: CCN Type: SA13224 X11 libXpm Multiple Image Processing Vulnerabilities
  Source: DEBIAN Type: DSA-607 xfree86 -- several vulnerabilities
  Source: CCN Type: GLSA-200411-28 X.Org, XFree86: libXpm vulnerabilities
  Source: CCN Type: GLSA-200502-06 LessTif: Multiple vulnerabilities in libXpm
  Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm
  Source: CCN Type: Fedora Update Notification FEDORA-2004-433 xorg-x11-6.7.0-10 update
  Source: CCN Type: Fedora Update Notification FEDORA-2004-434 xorg-x11-6.8.1-12.FC3.1 update
  Source: CCN Type: BID-11694 LibXPM Multiple Unspecified Vulnerabilities
  Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
  Source: CCN Type: USN-83-1 LessTif 2 vulnerabilities
  Source: CCN Type: USN-83-2 LessTif 1 vulnerabilities
  Source: CCN Type: X.Org Foundation Web site X.Org
  Source: XF Type: UNKNOWN libxpm-directory-traversal(18146)
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2004-0914 (CCN-18147)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2017-10-11
Summary: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2004-0914
  Source: CCN Type: RHSA-2004-537 openmotif security update
  Source: CCN Type: RHSA-2004-610 XFree86 security update
  Source: CCN Type: RHSA-2004-612 XFree86 security update
  Source: CCN Type: RHSA-2005-004 lesstif security update
  Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
  Source: CCN Type: SA13224 X11 libXpm Multiple Image Processing Vulnerabilities
  Source: DEBIAN Type: DSA-607 xfree86 -- several vulnerabilities
  Source: CCN Type: GLSA-200411-28 X.Org, XFree86: libXpm vulnerabilities
  Source: CCN Type: GLSA-200502-06 LessTif: Multiple vulnerabilities in libXpm
  Source: CCN Type: GLSA-200502-07 OpenMotif: Multiple vulnerabilities in libXpm
  Source: CCN Type: Fedora Update Notification FEDORA-2004-433 xorg-x11-6.7.0-10 update
  Source: CCN Type: Fedora Update Notification FEDORA-2004-434 xorg-x11-6.8.1-12.FC3.1 update
  Source: CCN Type: BID-11694 LibXPM Multiple Unspecified Vulnerabilities
  Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
  Source: CCN Type: USN-83-1 LessTif 2 vulnerabilities
  Source: CCN Type: USN-83-2 LessTif 1 vulnerabilities
  Source: CCN Type: X.Org Foundation Web site X.Org
  Source: XF Type: UNKNOWN libxpm-dos(18147)
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2004-0914 (CCN-19610)
Assigned: 2004-09-15
Published: 2004-09-15
Updated: 2005-03-04
Summary: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. Note: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2004-0914
  Source: MITRE Type: CNA CVE-2005-0605
  Source: CCN Type: RHSA-2004-537 openmotif security update
  Source: CCN Type: RHSA-2004-610 XFree86 security update
  Source: CCN Type: RHSA-2004-612 XFree86 security update
  Source: CCN Type: RHSA-2005-004 lesstif security update
  Source: CCN Type: RHSA-2005-044 XFree86 security update
  Source: CCN Type: RHSA-2005-198 xorg-x11 security update
  Source: CCN Type: RHSA-2005-331 XFree86 security update
  Source: CCN Type: RHSA-2005-412 openmotif security update
  Source: CCN Type: RHSA-2005-473 lesstif security update
  Source: CCN Type: RHSA-2008-0261 Moderate: Red Hat Network Satellite Server security update
  Source: CCN Type: RHSA-2008-0524 Low: Red Hat Network Satellite Server security update
  Source: CCN Type: SA13224 X11 libXpm Multiple Image Processing Vulnerabilities
  Source: CCN Type: SA14460 X11 libXpm XPM Image Buffer Overflow Vulnerability
  Source: CCN Type: SA19624 SGI ProPack XFree86 Multiple Vulnerabilities
  Source: CCN Type: SECTRACK ID: 1013339 LibXpm Integer Overflow in `lib/scan.c` May Let Remote Users Execute Arbitrary Code
  Source: CCN Type: ASA-2006-036 Xloadimage NIFF Image and LibXPM Vulnerabilities (SCOSA-2005.56 SCOSA-2005.57)
  Source: CCN Type: CIAC INFORMATION BULLETIN P-165 libXpm Integer Overflow Flaw
  Source: CCN Type: CIAC INFORMATION BULLETIN P-171 SGI Advanced Linux Environment 3 Security Update #33
  Source: CCN Type: CIAC Information Bulletin P-276 Apple Security Update 2005-007
  Source: DEBIAN Type: DSA-607 xfree86 -- several vulnerabilities
  Source: DEBIAN Type: DSA-723 xfree86 -- buffer overflow
  Source: CCN Type: GLSA-200503-08 OpenMotif, LessTif: New libXpm buffer overflows
  Source: CCN Type: GLSA-200503-15 X.org: libXpm vulnerability
  Source: CCN Type: LessTif Web site LessTif Home Page
  Source: CCN Type: Fedora Update Notification Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13
  Source: CCN Type: Fedora Update Notification Fedora Update Notification FEDORA-2005-272 FEDORA-2005-272 Fedora Core 2 Update: xorg-x11-6.7.0-14
  Source: CCN Type: BID-11694 LibXPM Multiple Unspecified Vulnerabilities
  Source: CCN Type: BID-12714 libXPM Bitmap_unit Integer Overflow Vulnerability
  Source: CCN Type: BID-14567 Apple Mac OS X Multiple Vulnerabilities
  Source: CCN Type: TLSA-2005-5 Multiple vulnerabilities in libXpm
  Source: CCN Type: USN-83-1 LessTif 2 vulnerabilities
  Source: CCN Type: USN-83-2 LessTif 1 vulnerabilities
  Source: CCN Type: USN-92-1 LessTif vulnerabilities
  Source: CCN Type: USN-97-1 libxpm vulnerability
  Source: XF Type: UNKNOWN lesstif-xpm-image-bo(19610)
  Source: SUSE Type: SUSE-SR:2005:010 SUSE Security Summary Report
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable