CVSSv2 7.5

CVE-2004-0687

Published: 20/10/2004 Updated: 20/01/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm prior to 6.8.1 allow remote malicious users to execute arbitrary code via a malformed XPM image file.
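The three functions named in the summary all read fields from the XPM text (the "width height ncolors cpp" values line, the colour-table lines, and the pixel rows) and copy them into fixed-size stack buffers; a malformed file that makes a field longer or a count larger than the buffer was sized for is what overflows them. The following is an added illustrative example written for this page, not libXpm's source and not a reproduction of the patched code: a small bounds-checked validator for the XPM3 body that rejects exactly the kinds of input a parser with unchecked copies would accept. The limits MAX_CPP, MAX_COLOR and MAX_NCOLORS, the 65535 dimension cap, the error codes and the sample images are all assumptions chosen for the example; only the "c" colour key is handled.

```c
/* Added example: bounds-checked validation of an XPM3 body (values line,
 * colour table, pixel rows). Illustrative code for this page, not libXpm. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CPP     4     /* assumption: longest chars-per-pixel key accepted */
#define MAX_COLOR   64    /* assumption: longest colour spec ("#rrggbb", name) */
#define MAX_NCOLORS 4096  /* assumption: upper bound on colour-table entries   */
#define MAX_DIM     65535 /* assumption: cap so width*cpp cannot overflow      */
#define NLINES(a)   (sizeof(a) / sizeof((a)[0]))

enum { XPM_OK = 0, XPM_BAD_VALUES = -1, XPM_BAD_CPP = -2, XPM_TOO_MANY_COLORS = -3,
       XPM_SHORT_KEY = -4, XPM_COLOR_TOO_LONG = -5, XPM_TRUNCATED = -6, XPM_BAD_ROW = -7 };

struct xpm_hdr { long width, height, ncolors, cpp; };

/* Parse "<width> <height> <ncolors> <cpp>" and range-check every field
 * before anything is sized or indexed from it. */
static int parse_values(const char *line, struct xpm_hdr *h) {
    long *field[4] = { &h->width, &h->height, &h->ncolors, &h->cpp };
    for (int i = 0; i < 4; i++) {
        char *end;
        *field[i] = strtol(line, &end, 10);
        if (end == line || *field[i] < 0) return XPM_BAD_VALUES;
        line = end;
    }
    if (h->width < 1 || h->height < 1 || h->width > MAX_DIM || h->height > MAX_DIM)
        return XPM_BAD_VALUES;
    if (h->cpp < 1 || h->cpp > MAX_CPP) return XPM_BAD_CPP;
    if (h->ncolors < 1 || h->ncolors > MAX_NCOLORS) return XPM_TOO_MANY_COLORS;
    return XPM_OK;
}

/* Parse one colour-table line "<cpp chars key> c <colour>". Both tokens are
 * length-checked against the destination buffers before being copied,
 * instead of strcpy()/sscanf("%s") into a fixed array. */
static int parse_color_line(const char *line, long cpp,
                            char key[MAX_CPP + 1], char color[MAX_COLOR + 1]) {
    if (strlen(line) < (size_t)cpp) return XPM_SHORT_KEY;   /* key shorter than cpp */
    memcpy(key, line, (size_t)cpp);
    key[cpp] = '\0';
    const char *p = line + cpp;
    while (*p == ' ' || *p == '\t') p++;
    if (*p != 'c') return XPM_BAD_VALUES;                   /* only the "c" key here */
    p++;
    while (*p == ' ' || *p == '\t') p++;
    size_t clen = strcspn(p, " \t\r\n");
    if (clen == 0) return XPM_BAD_VALUES;
    if (clen > MAX_COLOR) return XPM_COLOR_TOO_LONG;        /* would overflow color[] */
    memcpy(color, p, clen);
    color[clen] = '\0';
    return XPM_OK;
}

/* Validate a whole body given as the quoted lines in order: values line,
 * ncolors colour lines, height pixel rows. Returns XPM_OK or an error code. */
int xpm_check(const char *const *lines, size_t nlines) {
    struct xpm_hdr h;
    char key[MAX_CPP + 1], color[MAX_COLOR + 1];
    if (nlines < 1) return XPM_TRUNCATED;
    int rc = parse_values(lines[0], &h);
    if (rc != XPM_OK) return rc;
    /* the header promises this many lines; check before indexing any of them */
    if ((size_t)h.ncolors + (size_t)h.height + 1 > nlines) return XPM_TRUNCATED;
    for (long i = 0; i < h.ncolors; i++) {
        rc = parse_color_line(lines[1 + i], h.cpp, key, color);
        if (rc != XPM_OK) return rc;
    }
    for (long r = 0; r < h.height; r++) {
        /* every pixel row must be exactly width*cpp chars: no short or long rows */
        if (strlen(lines[1 + h.ncolors + r]) != (size_t)(h.width * h.cpp)) return XPM_BAD_ROW;
    }
    return XPM_OK;
}

/* Constructed sample bodies (not real-world files). */
static const char *sample_good[]      = { "4 2 2 1", "  c None", ". c #000000", "..  ", "  .." };
static const char *sample_long_color[] = { "1 1 1 1",
    ". c " "AAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAA",
    "." };
static const char *sample_bad_cpp[]   = { "1 1 1 8", ". c red", "........" };
static const char *sample_truncated[] = { "4 2 2 1", "  c None" };
static const char *sample_bad_row[]   = { "4 1 1 1", ". c red", "....." };

int main(void) {
    printf("good=%d long_color=%d bad_cpp=%d truncated=%d bad_row=%d\n",
           xpm_check(sample_good, NLINES(sample_good)),
           xpm_check(sample_long_color, NLINES(sample_long_color)),
           xpm_check(sample_bad_cpp, NLINES(sample_bad_cpp)),
           xpm_check(sample_truncated, NLINES(sample_truncated)),
           xpm_check(sample_bad_row, NLINES(sample_bad_row)));
    return 0;
}
```

The point of the validator is that every quantity taken from the file (cpp, ncolors, height, token lengths) is checked against a fixed limit before it is used to size a copy or an index; note also, from the vendor advisories below, that the first upstream patch for this issue was found insufficient, so the version to upgrade to is the one named in your distribution's advisory rather than the first "fixed" release.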

Vulnerable Products

xfree86 project x11r6 4.1.0

xfree86 project x11r6 3.3.6

xfree86 project x11r6 4.0.2.11

xfree86 project x11r6 4.0.3

x.org x11r6 6.7.0

xfree86 project x11r6 4.3.0

xfree86 project x11r6 4.2.1

x.org x11r6 6.8

xfree86 project x11r6 4.0

xfree86 project x11r6 4.0.1

xfree86 project x11r6 4.2.0

xfree86 project x11r6 4.1.12

xfree86 project x11r6 4.1.11

suse suse linux 9.0

suse suse linux 8.2

suse suse linux 8

suse suse linux 9.1

openbsd openbsd 3.5

openbsd openbsd 3.4

suse suse linux 8.1

Vendor Advisories

Chris Evans discovered several stack overflows in the versions of libXpm shipped by XOrg, XFree86, and LessTif. These overflows were fixed in the Warty development tree before its release. Mathieu Herrb of OpenBSD subsequently discovered that the original patch was insufficient to address these overflows, and thus the version of libxpm4 shipped w ...
Synopsis: XFree86 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1. Description: XFree86 is an open source implementation of the X ...
Synopsis: XFree86 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3. Description: XFree86 is an open source implementation of the X Window S ...
Synopsis: openmotif security update. Type/Severity: Security Advisory: Important. Topic: Updated openmotif packages that fix flaws in the Xpm image library are now available. Description: OpenMotif provides libraries which implement the Motif industry standard graphical user interface. During a so ...
Chris Evans discovered several stack and integer overflows in the libXpm library which is provided by XOrg, XFree86 and LessTif. For the stable distribution (woody) this problem has been fixed in version 4.1.0-16woody4. For the unstable distribution (sid) this problem has been fixed in version 4.3.0.dfsg.1-8. We recommend that you upgrade your lib ...
Chris Evans discovered several stack and integer overflows in the libXpm library which is included in LessTif. For the stable distribution (woody) this problem has been fixed in version 0.93.18-5. For the unstable distribution (sid) this problem has been fixed in version 0.93.94-10. We recommend that you upgrade your lesstif packages ...

Exploits

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and XOrg libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root ...

References

CWE: NVD-CWE-Other
http://www.securityfocus.com/bid/11196
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://www.debian.org/security/2004/dsa-560
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.kb.cert.org/vuls/id/882750
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://secunia.com/advisories/20235
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.vupen.com/english/advisories/2006/1914
http://marc.info/?l=bugtraq&m=109530851323415&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187
https://usn.ubuntu.com/27-1/
http://www.securityfocus.com/archive/1/434715/100/0/threaded
http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/882750