Vulnerability Name: CVE-2004-1026 (CCN-17416)

Assigned: 2004-09-16
Published: 2004-09-16
Updated: 2017-10-11
Summary: Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): Low
  • Integrity (I): Low
  • Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): Complete
  • Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): Partial
  • Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Mon May 22 2006 - 08:38:14 CDT
[security bulletin] HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: MITRE
Type: CNA
CVE-2004-0688

Source: MITRE
Type: CNA
CVE-2004-0782

Source: MITRE
Type: CNA
CVE-2004-1026

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX02119 SSRT4848
HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: CCN
Type: RHSA-2004-447
gdk-pixbuf security update

Source: CCN
Type: RHSA-2004-466
gtk2 security update

Source: CCN
Type: RHSA-2004-478
XFree86 security update

Source: CCN
Type: RHSA-2004-479
XFree86 security update

Source: CCN
Type: RHSA-2004-537
openmotif security update

Source: CCN
Type: RHSA-2004-651
imlib security update

Source: CCN
Type: RHSA-2005-004
lesstif security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: Scary Beasts Security Advisory CESA-2004-003
libXpm multiple image parsing flaws

Source: CCN
Type: SA20235
HP-UX Motif Applications libXpm Image Decoding Vulnerabilities

Source: CCN
Type: Sun Alert ID: 57653
libXpm Security Vulnerabilities Affect the Motif Library (libXm)

Source: CCN
Type: CIAC Information Bulletin 0-216
"gtk2" Package Vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-217
"gdk-pixbuf" Package vulnerability

Source: CCN
Type: CIAC Information Bulletin 0-222
libXpm Library Contains Multiple Integer Overflow Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin P-001
Red Hat Updated XFree86 Packages fix Security Issues

Source: CCN
Type: CIAC Information Bulletin P-052
Updated imlib Packages Fix Security Vulnerabilities

Source: CCN
Type: CIAC INFORMATION BULLETIN P-200
Apple Security Update 2005-005

Source: DEBIAN
Type: UNKNOWN
DSA-628

Source: DEBIAN
Type: DSA-546
gdk-pixbuf -- several vulnerabilities

Source: DEBIAN
Type: DSA-549
gtk+ -- several vulnerabilities

Source: DEBIAN
Type: DSA-560
lesstif1-1 -- integer and stack overflows

Source: DEBIAN
Type: DSA-561
xfree86 -- integer and stack overflows

Source: DEBIAN
Type: DSA-618
imlib -- buffer overflows

Source: DEBIAN
Type: DSA-628
imlib2 -- integer overflows

Source: CCN
Type: GLSA-200409-28
GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

Source: CCN
Type: GLSA-200409-34
X.org, XFree86: Integer and stack overflows in libXpm

Source: CCN
Type: GLSA-200410-09
LessTif: Integer and stack overflows in libXpm

Source: CCN
Type: GLSA-200412-03
imlib: Buffer overflows in image decoding

Source: GENTOO
Type: UNKNOWN
GLSA-200412-03

Source: CCN
Type: GLSA-200501-19
imlib2: Buffer overflows in image decoding

Source: CCN
Type: GLSA-200502-07
OpenMotif: Multiple vulnerabilities in libXpm

Source: CCN
Type: US-CERT VU#537878
libXpm library contains multiple integer overflow vulnerabilities

Source: CCN
Type: US-CERT VU#729894
GdkPixbuf XPM parser contains a heap overflow vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:007

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:651

Source: CCN
Type: BID-11195
GDK-Pixbuf Multiple Vulnerabilities

Source: CCN
Type: BID-11196
libXpm Image Decoding Multiple Remote Buffer Overflow Vulnerabilities

Source: BID
Type: Vendor Advisory
11830

Source: CCN
Type: BID-11830
IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2005-5
Multiple vulnerabilities in libXpm

Source: CCN
Type: TLSA-2005-6
Two vulnerabilities discovered in imlib

Source: CCN
Type: USN-27-1
libxpm4 vulnerability

Source: CCN
Type: USN-53-1
imlib vulnerabilities

Source: CCN
Type: USN-55-1
imlib2 vulnerabilities

Source: CCN
Type: X.org Web site
X.org

Source: XF
Type: UNKNOWN
libxpm-xpm-overflow(17416)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10771

Source: SUSE
Type: SUSE-SA:2004:032
apache2: remote denial-of-service

Source: SUSE
Type: SUSE-SA:2004:033
gtk2 gdk-pixbuf: remote code execution

Source: SUSE
Type: SUSE-SA:2004:034
XFree86-libs xshared: remote command execution

Source: SUSE
Type: SUSE-SR:2004:003
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:enlightenment:imlib:1.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:enlightenment:imlib:1.9.14:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:i686:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:i386:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20041026 | V | CVE-2004-1026 | 2015-11-16
oval:org.mitre.oval:def:10771 | V | Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | 2013-04-29
oval:org.debian:def:628 | V | integer overflows | 2005-01-06
oval:org.debian:def:618 | V | buffer overflows, integer overflows | 2004-12-24
oval:com.redhat.rhsa:def:20040651 | P | RHSA-2004:651: imlib security update (Moderate) | 2004-12-23
    enlightenment imlib 1.9.13
    enlightenment imlib 1.9.14
    gentoo linux *
    redhat linux 7.3
    redhat linux 7.3
    redhat linux 7.3
    redhat linux 9.0