What is the severity of CVE-2004-0687?

CVE-2004-0687 is rated as high risk due to stack-based buffer overflows that can lead to remote code execution.

How do I fix CVE-2004-0687?

To fix CVE-2004-0687, upgrade to libXpm version 6.8.1 or later, which contains the necessary security patches.

Who is affected by CVE-2004-0687?

CVE-2004-0687 affects users of libXpm versions prior to 6.8.1, including specific versions of X.org and XFree86.

What causes CVE-2004-0687?

CVE-2004-0687 is caused by multiple stack-based buffer overflows in the handling of malformed XPM image files.

Can CVE-2004-0687 be exploited remotely?

Yes, CVE-2004-0687 can be exploited remotely by sending a malicious XPM image file to a vulnerable application.

Vulnerability/
CVE-2004-0687

high

7.5

CWE

NVD-CWE-Other 119

24/9/2004

8/8/2024

CVE-2004-0687: Buffer Overflow

First published: Fri Sep 24 2004(Updated: )

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
X.org X.org	=6.7.0
X.org X.org	=6.8
XFree86 X Server	=3.3.6
XFree86 X Server	=4.0
XFree86 X Server	=4.0.1
XFree86 X Server	=4.0.2.11
XFree86 X Server	=4.0.3
XFree86 X Server	=4.1.0
XFree86 X Server	=4.1.11
XFree86 X Server	=4.1.12
XFree86 X Server	=4.2.0
XFree86 X Server	=4.2.1
XFree86 X Server	=4.2.1
XFree86 X Server	=4.3.0
OpenBSD	=3.4
OpenBSD	=3.5
SUSE Linux	=8
SUSE Linux	=8.1
SUSE Linux	=8.2
SUSE Linux	=9.0
SUSE Linux	=9.0
SUSE Linux	=9.0
SUSE Linux	=9.1

Remedy

http://www.securityfocus.com/bid/11196

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-0687?
CVE-2004-0687 is rated as high risk due to stack-based buffer overflows that can lead to remote code execution.
How do I fix CVE-2004-0687?
To fix CVE-2004-0687, upgrade to libXpm version 6.8.1 or later, which contains the necessary security patches.
Who is affected by CVE-2004-0687?
CVE-2004-0687 affects users of libXpm versions prior to 6.8.1, including specific versions of X.org and XFree86.
What causes CVE-2004-0687?
CVE-2004-0687 is caused by multiple stack-based buffer overflows in the handling of malformed XPM image files.
Can CVE-2004-0687 be exploited remotely?
Yes, CVE-2004-0687 can be exploited remotely by sending a malicious XPM image file to a vulnerable application.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/remedy
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/x.org
canonical/x.org x.org
version/x.org x.org/6.7.0
version/x.org x.org/6.8
vendor/xfree86 project
canonical/xfree86 x server
version/xfree86 x server/3.3.6
version/xfree86 x server/4.0
version/xfree86 x server/4.0.1
version/xfree86 x server/4.0.2.11
version/xfree86 x server/4.0.3
version/xfree86 x server/4.1.0
version/xfree86 x server/4.1.11
version/xfree86 x server/4.1.12
version/xfree86 x server/4.2.0
version/xfree86 x server/4.2.1
version/xfree86 x server/4.3.0
vendor/openbsd
canonical/openbsd
version/openbsd/3.4
version/openbsd/3.5
vendor/suse
canonical/suse linux
version/suse linux/8
version/suse linux/8.1
version/suse linux/8.2
version/suse linux/9.0
version/suse linux/9.1