What is the severity of CVE-2004-0688?

CVE-2004-0688 has a high severity level due to its potential to allow remote code execution through manipulated XPM image files.

How do I fix CVE-2004-0688?

To fix CVE-2004-0688, upgrade to libXpm version 6.8.1 or later, which includes patches addressing these integer overflow vulnerabilities.

Which software is affected by CVE-2004-0688?

CVE-2004-0688 affects libXpm versions prior to 6.8.1, including various X.org and XFree86 X server versions.

What type of vulnerability is CVE-2004-0688?

CVE-2004-0688 is categorized as an integer overflow vulnerability in specific functions that handle parsing of XPM image files.

Can CVE-2004-0688 be exploited remotely?

Yes, CVE-2004-0688 can be exploited remotely when an attacker sends a specially crafted XPM image file to the target system.

Vulnerability/
CVE-2004-0688

high

7.5

CWE

NVD-CWE-Other 190

24/9/2004

8/8/2024

CVE-2004-0688: Integer Overflow

First published: Fri Sep 24 2004(Updated: )

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
X.org X.org	=6.7.0
X.org X.org	=6.8
XFree86 X Server	=3.3.6
XFree86 X Server	=4.0
XFree86 X Server	=4.0.1
XFree86 X Server	=4.0.2.11
XFree86 X Server	=4.0.3
XFree86 X Server	=4.1.0
XFree86 X Server	=4.1.11
XFree86 X Server	=4.1.12
XFree86 X Server	=4.2.0
XFree86 X Server	=4.2.1
XFree86 X Server	=4.2.1
XFree86 X Server	=4.3.0
OpenBSD	=3.4
OpenBSD	=3.5
SUSE Linux	=8
SUSE Linux	=8.1
SUSE Linux	=8.2
SUSE Linux	=9.0
SUSE Linux	=9.0
SUSE Linux	=9.0
SUSE Linux	=9.1

Remedy

http://www.securityfocus.com/bid/11196

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-0688?
CVE-2004-0688 has a high severity level due to its potential to allow remote code execution through manipulated XPM image files.
How do I fix CVE-2004-0688?
To fix CVE-2004-0688, upgrade to libXpm version 6.8.1 or later, which includes patches addressing these integer overflow vulnerabilities.
Which software is affected by CVE-2004-0688?
CVE-2004-0688 affects libXpm versions prior to 6.8.1, including various X.org and XFree86 X server versions.
What type of vulnerability is CVE-2004-0688?
CVE-2004-0688 is categorized as an integer overflow vulnerability in specific functions that handle parsing of XPM image files.
Can CVE-2004-0688 be exploited remotely?
Yes, CVE-2004-0688 can be exploited remotely when an attacker sends a specially crafted XPM image file to the target system.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/remedy
agent/references
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/x.org
canonical/x.org x.org
version/x.org x.org/6.7.0
version/x.org x.org/6.8
vendor/xfree86 project
canonical/xfree86 x server
version/xfree86 x server/3.3.6
version/xfree86 x server/4.0
version/xfree86 x server/4.0.1
version/xfree86 x server/4.0.2.11
version/xfree86 x server/4.0.3
version/xfree86 x server/4.1.0
version/xfree86 x server/4.1.11
version/xfree86 x server/4.1.12
version/xfree86 x server/4.2.0
version/xfree86 x server/4.2.1
version/xfree86 x server/4.3.0
vendor/openbsd
canonical/openbsd
version/openbsd/3.4
version/openbsd/3.5
vendor/suse
canonical/suse linux
version/suse linux/8
version/suse linux/8.1
version/suse linux/8.2
version/suse linux/9.0
version/suse linux/9.1