FreeBSD : xpm -- image decoding vulnerabilities (ef253f8b-0727-11d9-b45d-000c41e2cdad)

High Nessus Plugin ID 19161


The remote FreeBSD host is missing one or more security-related updates.


Chris Evans discovered several vulnerabilities in the libXpm image decoder:

- A stack-based buffer overflow in xpmParseColors

- An integer overflow in xpmParseColors

- A stack-based buffer overflow in ParsePixels and ParseAndPutPixels

The X11R6.8.1 release announcement reads:

This version is purely a security release, addressing multiple integer and stack overflows in libXpm, the X Pixmap library; all known versions of X (both XFree86 and X.Org) are affected, so all users of X are strongly encouraged to upgrade.


Update the affected packages.

Plugin Details

Severity: High

ID: 19161

File Name: freebsd_pkg_ef253f8b072711d9b45d000c41e2cdad.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2005/07/13

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:XFree86-libraries, p-cpe:/a:freebsd:freebsd:agenda-snow-libs, p-cpe:/a:freebsd:freebsd:lesstif, p-cpe:/a:freebsd:freebsd:libXpm, p-cpe:/a:freebsd:freebsd:linux-openmotif, p-cpe:/a:freebsd:freebsd:linux_base, p-cpe:/a:freebsd:freebsd:mupad, p-cpe:/a:freebsd:freebsd:open-motif, p-cpe:/a:freebsd:freebsd:open-motif-devel, p-cpe:/a:freebsd:freebsd:xorg-libraries, p-cpe:/a:freebsd:freebsd:xpm, p-cpe:/a:freebsd:freebsd:zh-cle_base, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/09/15

Vulnerability Publication Date: 2004/09/15

Reference Information

CVE: CVE-2004-0687, CVE-2004-0688

CERT: 537878, 882750