CVE-2004-0688

high

Description

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924

http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

http://marc.info/?l=bugtraq&m=109530851323415&w=2

http://scary.beasts.org/security/CESA-2004-003.txt

http://secunia.com/advisories/20235

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1

http://www.debian.org/security/2004/dsa-560

http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml

http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml

http://www.kb.cert.org/vuls/id/537878

http://www.mandriva.com/security/advisories?name=MDKSA-2004:098

http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html

http://www.redhat.com/support/errata/RHSA-2004-537.html

http://www.redhat.com/support/errata/RHSA-2005-004.html

http://www.securityfocus.com/archive/1/434715/100/0/threaded

http://www.securityfocus.com/bid/11196

http://www.us-cert.gov/cas/techalerts/TA05-136A.html

http://www.vupen.com/english/advisories/2006/1914

https://exchange.xforce.ibmcloud.com/vulnerabilities/17416

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796

https://usn.ubuntu.com/27-1/

Details

Source: MITRE

Published: 2004-10-20

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH