| Vulnerability Name: | CVE-2005-0605 (CCN-19610) |
| Assigned: | 2005-03-01 |
| Published: | 2005-03-01 |
| Updated: | 2018-10-03 |
| Summary: | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: SCO
Type: UNKNOWN
SCOSA-2006.5
Source: SCO
Type: UNKNOWN
SCOSA-2005.57
Source: SGI
Type: UNKNOWN
20060403-01-U
Source: CONFIRM
Type: Patch, Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=83598
Source: CONFIRM
Type: Patch, Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=83655
Source: MITRE
Type: CNA
CVE-2004-0914
Source: MITRE
Type: CNA
CVE-2005-0605
Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-08-17
Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-08-15
Source: CCN
Type: RHSA-2004-537
openmotif security update
Source: CCN
Type: RHSA-2004-610
XFree86 security update
Source: CCN
Type: RHSA-2004-612
XFree86 security update
Source: CCN
Type: RHSA-2005-004
lesstif security update
Source: CCN
Type: RHSA-2005-044
XFree86 security update
Source: CCN
Type: RHSA-2005-198
xorg-x11 security update
Source: CCN
Type: RHSA-2005-331
XFree86 security update
Source: CCN
Type: RHSA-2005-412
openmotif security update
Source: CCN
Type: RHSA-2005-473
lesstif security update
Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update
Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update
Source: CCN
Type: SA13224
X11 libXpm Multiple Image Processing Vulnerabilities
Source: CCN
Type: SA14460
X11 libXpm XPM Image Buffer Overflow Vulnerability
Source: SECUNIA
Type: UNKNOWN
14460
Source: SECUNIA
Type: UNKNOWN
18049
Source: SECUNIA
Type: UNKNOWN
18316
Source: CCN
Type: SA19624
SGI ProPack XFree86 Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
19624
Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-08
Source: CCN
Type: SECTRACK ID: 1013339
LibXpm Integer Overflow in `lib/scan.c` May Let Remote Users Execute Arbitrary Code
Source: SECTRACK
Type: Patch, Vendor Advisory
1013339
Source: CCN
Type: ASA-2006-036
Xloadimage NIFF Image and LibXPM Vulnerabilities (SCOSA-2005.56 SCOSA-2005.57)
Source: CCN
Type: CIAC INFORMATION BULLETIN P-165
libXpm Integer Overflow Flaw
Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33
Source: CCN
Type: CIAC Information Bulletin P-276
Apple Security Update 2005-007
Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-723
Source: DEBIAN
Type: DSA-607
xfree86 -- several vulnerabilities
Source: DEBIAN
Type: DSA-723
xfree86 -- buffer overflow
Source: CCN
Type: GLSA-200503-08
OpenMotif, LessTif: New libXpm buffer overflows
Source: CCN
Type: GLSA-200503-15
X.org: libXpm vulnerability
Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200503-15
Source: CCN
Type: LessTif Web site
LessTif Home Page
Source: CCN
Type: Fedora Update Notification
Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13
Source: CCN
Type: Fedora Update Notification
Fedora Update Notification FEDORA-2005-272
FEDORA-2005-272
Fedora Core 2 Update: xorg-x11-6.7.0-14
Source: FEDORA
Type: UNKNOWN
FLSA-2006:152803
Source: REDHAT
Type: UNKNOWN
RHSA-2005:044
Source: REDHAT
Type: UNKNOWN
RHSA-2005:198
Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:331
Source: REDHAT
Type: UNKNOWN
RHSA-2005:412
Source: REDHAT
Type: UNKNOWN
RHSA-2005:473
Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261
Source: CCN
Type: BID-11694
LibXPM Multiple Unspecified Vulnerabilities
Source: BID
Type: Patch, Vendor Advisory
12714
Source: CCN
Type: BID-12714
libXPM Bitmap_unit Integer Overflow Vulnerability
Source: CCN
Type: BID-14567
Apple Mac OS X Multiple Vulnerabilities
Source: CCN
Type: TLSA-2005-5
Multiple vulnerabilities in libXpm
Source: CCN
Type: USN-83-1
LessTif 2 vulnerabilities
Source: CCN
Type: USN-83-2
LessTif 1 vulnerabilities
Source: CCN
Type: USN-92-1
LessTif vulnerabilities
Source: CCN
Type: USN-97-1
libxpm vulnerability
Source: CONFIRM
Type: Vendor Advisory
https://bugs.freedesktop.org/attachment.cgi?id=1909
Source: XF
Type: UNKNOWN
lesstif-xpm-image-bo(19610)
Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10411
Source: UBUNTU
Type: UNKNOWN
USN-92-1
Source: UBUNTU
Type: UNKNOWN
USN-97-1
Source: CCN
Type: SUSE-SR:2005:010
SUSE Security Summary Report
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*OR cpe:/a:sgi:propack:3.0:*:*:*:*:*:*:*OR cpe:/a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*OR cpe:/a:x.org:x11r6:6.8:*:*:*:*:*:*:*OR cpe:/a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*OR cpe:/a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*OR cpe:/o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux:10.2:*:x86_64:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:i386:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:*:i386:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:*:spa:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:*:x86:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.2:*:i386:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.3:*:i386:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.0:*:i386:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Vulnerability Name: | CVE-2005-0605 (CCN-19611) |
| Assigned: | 2005-03-01 |
| Published: | 2005-03-01 |
| Updated: | 2018-10-03 |
| Summary: | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2005-0605
Source: CCN
Type: RHSA-2005-044
XFree86 security update
Source: CCN
Type: RHSA-2005-198
xorg-x11 security update
Source: CCN
Type: RHSA-2005-331
XFree86 security update
Source: CCN
Type: RHSA-2005-412
openmotif security update
Source: CCN
Type: RHSA-2005-473
lesstif security update
Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update
Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update
Source: CCN
Type: SA14460
X11 libXpm XPM Image Buffer Overflow Vulnerability
Source: CCN
Type: SA19624
SGI ProPack XFree86 Multiple Vulnerabilities
Source: CCN
Type: SECTRACK ID: 1013339
LibXpm Integer Overflow in `lib/scan.c` May Let Remote Users Execute Arbitrary Code
Source: CCN
Type: ASA-2006-036
Xloadimage NIFF Image and LibXPM Vulnerabilities (SCOSA-2005.56 SCOSA-2005.57)
Source: CCN
Type: CIAC INFORMATION BULLETIN P-165
libXpm Integer Overflow Flaw
Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33
Source: CCN
Type: CIAC Information Bulletin P-276
Apple Security Update 2005-007
Source: DEBIAN
Type: DSA-723
xfree86 -- buffer overflow
Source: CCN
Type: GLSA-200503-08
OpenMotif, LessTif: New libXpm buffer overflows
Source: CCN
Type: GLSA-200503-15
X.org: libXpm vulnerability
Source: CCN
Type: Fedora Update Notification
Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13
Source: CCN
Type: Fedora Update Notification
Fedora Update Notification FEDORA-2005-272
FEDORA-2005-272
Fedora Core 2 Update: xorg-x11-6.7.0-14
Source: CCN
Type: Open Motif Web site
Open Motif -- OpenMotif -- Portal
Source: CCN
Type: BID-12714
libXPM Bitmap_unit Integer Overflow Vulnerability
Source: CCN
Type: BID-14567
Apple Mac OS X Multiple Vulnerabilities
Source: CCN
Type: USN-92-1
LessTif vulnerabilities
Source: CCN
Type: USN-97-1
libxpm vulnerability
Source: XF
Type: UNKNOWN
openmotif-xpm-image-bo(19611)
Source: SUSE
Type: SUSE-SR:2005:010
SUSE Security Summary Report
|
| Vulnerable Configuration: | Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |
lesstif lesstif 0.93.94
sgi propack 3.0
x.org x11r6 6.7.0
x.org x11r6 6.8
x.org x11r6 6.8.1
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.2
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
xfree86_project x11r6 4.3.0.1
xfree86_project x11r6 4.3.0.2
altlinux alt linux 2.3
altlinux alt linux 2.3
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 10.2
mandrakesoft mandrake linux 10.2
mandrakesoft mandrake linux corporate server 2.1
mandrakesoft mandrake linux corporate server 2.1
mandrakesoft mandrake linux corporate server 3.0
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux 4.0
redhat enterprise linux 4.0
redhat enterprise linux 4.0
redhat enterprise linux desktop 3.0
redhat enterprise linux desktop 4.0
redhat fedora core core_2.0
redhat fedora core core_3.0
suse suse linux 6.1
suse suse linux 6.1 alpha
suse suse linux 6.2
suse suse linux 6.3
suse suse linux 6.3
suse suse linux 6.3 alpha
suse suse linux 6.4
suse suse linux 6.4
suse suse linux 6.4
suse suse linux 6.4 alpha
suse suse linux 7.0
suse suse linux 7.0
suse suse linux 7.0
suse suse linux 7.0
suse suse linux 7.0 alpha
suse suse linux 7.1
suse suse linux 7.1
suse suse linux 7.1
suse suse linux 7.1
suse suse linux 7.1 alpha
suse suse linux 7.2
suse suse linux 7.2
suse suse linux 7.3
suse suse linux 7.3
suse suse linux 7.3
suse suse linux 7.3
suse suse linux 8.0
suse suse linux 8.0
suse suse linux 8.1
suse suse linux 8.2
suse suse linux 9.0
suse suse linux 9.0
suse suse linux 9.1
suse suse linux 9.1
suse suse linux 9.2
suse suse linux 9.2