CVE-2004-0688

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-0688
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/11196 Patch Vendor Advisory
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://www.debian.org/security/2004/dsa-560
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.kb.cert.org/vuls/id/537878 US Government Resource
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://www.us-cert.gov/cas/techalerts/TA05-136A.html US Government Resource
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://secunia.com/advisories/20235
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.vupen.com/english/advisories/2006/1914
http://marc.info/?l=bugtraq&m=109530851323415&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
https://usn.ubuntu.com/27-1/
http://www.securityfocus.com/archive/1/434715/100/0/threaded
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
Information

Published : 2004-10-20 04:00

Updated : 2018-10-19 15:30

NVD link : CVE-2004-0688

Mitre link : CVE-2004-0688

JSON object : View

Products Affected

x.org

  • x11r6

xfree86_project

  • x11r6

openbsd

  • openbsd

suse

  • suse_linux
CWE
NVD-CWE-Other