Detections
Analytics
CVE-2004-0688
critical
Description
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
http://www.vupen.com/english/advisories/2006/1914
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
http://www.securityfocus.com/bid/11196
http://www.securityfocus.com/archive/1/434715/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.kb.cert.org/vuls/id/537878
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.debian.org/security/2004/dsa-560
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://secunia.com/advisories/20235
http://scary.beasts.org/security/CESA-2004-003.txt
http://marc.info/?l=bugtraq&m=109530851323415&w=2
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924