CVE-2004-0688

critical

Description

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

References

https://usn.ubuntu.com/27-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796

https://exchange.xforce.ibmcloud.com/vulnerabilities/17416

http://www.vupen.com/english/advisories/2006/1914

http://www.us-cert.gov/cas/techalerts/TA05-136A.html

http://www.securityfocus.com/bid/11196

http://www.securityfocus.com/archive/1/434715/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2005-004.html

http://www.redhat.com/support/errata/RHSA-2004-537.html

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html

http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html

http://www.mandriva.com/security/advisories?name=MDKSA-2004:098

http://www.kb.cert.org/vuls/id/537878

http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml

http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml

http://www.debian.org/security/2004/dsa-560

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1

http://secunia.com/advisories/20235

http://scary.beasts.org/security/CESA-2004-003.txt

http://marc.info/?l=bugtraq&m=109530851323415&w=2

http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924

Details

Source: Mitre, NVD

Published: 2004-10-20

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical