CVE-2004-0688: Integer Overflow
First published: Fri Sep 24 2004(Updated: )
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xfree86 Project X11r6 | =4.1.0 | |
| Xfree86 Project X11r6 | =3.3.6 | |
| Xfree86 Project X11r6 | =4.0.2.11 | |
| Xfree86 Project X11r6 | =4.0.3 | |
| X.org X11r6 | =6.7.0 | |
| Xfree86 Project X11r6 | =4.3.0 | |
| Xfree86 Project X11r6 | =4.2.1 | |
| X.org X11r6 | =6.8 | |
| Xfree86 Project X11r6 | =4.0 | |
| Xfree86 Project X11r6 | =4.0.1 | |
| Xfree86 Project X11r6 | =4.2.0 | |
| Xfree86 Project X11r6 | =4.1.12 | |
| Xfree86 Project X11r6 | =4.2.1 | |
| Xfree86 Project X11r6 | =4.1.11 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =8.2 | |
| Suse Suse Linux | =8 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.1 | |
| Openbsd Openbsd | =3.5 | |
| Openbsd Openbsd | =3.4 | |
| Suse Suse Linux | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11196
- http://scary.beasts.org/security/CESA-2004-003.txt
- http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
- http://www.debian.org/security/2004/dsa-560
- http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
- http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
- http://www.redhat.com/support/errata/RHSA-2004-537.html
- http://www.redhat.com/support/errata/RHSA-2005-004.html
- http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
- http://www.kb.cert.org/vuls/id/537878
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- http://www.us-cert.gov/cas/techalerts/TA05-136A.html
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
- http://secunia.com/advisories/20235
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
- http://www.vupen.com/english/advisories/2006/1914
- http://marc.info/?l=bugtraq&m=109530851323415&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
- https://usn.ubuntu.com/27-1/
- http://www.securityfocus.com/archive/1/434715/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/weakness
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xfree86 project
- canonical/xfree86 project x11r6
- version/xfree86 project x11r6/4.1.0
- version/xfree86 project x11r6/3.3.6
- version/xfree86 project x11r6/4.0.2.11
- version/xfree86 project x11r6/4.0.3
- vendor/x.org
- canonical/x.org x11r6
- version/x.org x11r6/6.7.0
- version/xfree86 project x11r6/4.3.0
- version/xfree86 project x11r6/4.2.1
- version/x.org x11r6/6.8
- version/xfree86 project x11r6/4.0
- version/xfree86 project x11r6/4.0.1
- version/xfree86 project x11r6/4.2.0
- version/xfree86 project x11r6/4.1.12
- version/xfree86 project x11r6/4.1.11
- vendor/suse
- canonical/suse suse linux
- version/suse suse linux/9.0
- version/suse suse linux/8.2
- version/suse suse linux/8
- version/suse suse linux/9.1
- vendor/openbsd
- canonical/openbsd openbsd
- version/openbsd openbsd/3.5
- version/openbsd openbsd/3.4
- version/suse suse linux/8.1