CVE-2004-0687

 

Published at: - 20-10-2004 06:00

Last modified: - 20-01-2023 08:15

Total changes: - 2

Description

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• 11196-Patch, Vendor Advisory
• http://scary.beasts.org/security/CESA-2004-003.txt
• http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
• DSA-560-
• GLSA-200409-34-
• GLSA-200502-07-
• RHSA-2004:537-
• RHSA-2005:004-
• SUSE-SA:2004:034-
• VU#882750-US Government Resource
• APPLE-SA-2005-05-03-
• TA05-136A-US Government Resource
• FLSA-2006:152803-
• CLA-2005:924-
• 57653-
• 20235-
• MDKSA-2004:098-
• ADV-2006-1914-
• 20040915 CESA-2004-004: libXpm-
• libxpm-multiple-stack-bo(17414)-
• oval:org.mitre.oval:def:9187-
• USN-27-1-
• HPSBUX02119-
• http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html

 

Keywords

NVD

 

CVE-2004-0687

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures