SUSE-SA:2004:034: XFree86-libs, xshared

High Nessus Plugin ID 14775


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:034 (XFree86-libs, xshared).

Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files.
The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well as ParsePixels() is vulnerable to a stack-based buffer overflow too.
Additionally Matthieu Herrb found two one-byte buffer overflows.


Plugin Details

Severity: High

ID: 14775

File Name: suse_SA_2004_034.nasl

Version: $Revision: 1.9 $

Agent: unix

Published: 2004/09/17

Modified: 2016/12/27

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2004-0687, CVE-2004-0688