ID CVE-2004-0914
Summary Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
Vulnerable Configurations
  • cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:23:30.970-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
family unix
id oval:org.mitre.oval:def:9943
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
version 29
redhat via4
advisories
  • rhsa
    id RHSA-2004:537
  • rhsa
    id RHSA-2004:610
  • rhsa
    id RHSA-2005:004
rpms
  • openmotif-0:2.2.3-4.RHEL3.4
  • openmotif-debuginfo-0:2.2.3-4.RHEL3.4
  • openmotif-devel-0:2.2.3-4.RHEL3.4
  • openmotif21-0:2.1.30-9.RHEL3.4
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.4
  • XFree86-0:4.3.0-78.EL
  • XFree86-100dpi-fonts-0:4.3.0-78.EL
  • XFree86-75dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-78.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-78.EL
  • XFree86-Mesa-libGL-0:4.3.0-78.EL
  • XFree86-Mesa-libGLU-0:4.3.0-78.EL
  • XFree86-Xnest-0:4.3.0-78.EL
  • XFree86-Xvfb-0:4.3.0-78.EL
  • XFree86-base-fonts-0:4.3.0-78.EL
  • XFree86-cyrillic-fonts-0:4.3.0-78.EL
  • XFree86-devel-0:4.3.0-78.EL
  • XFree86-doc-0:4.3.0-78.EL
  • XFree86-font-utils-0:4.3.0-78.EL
  • XFree86-libs-0:4.3.0-78.EL
  • XFree86-libs-data-0:4.3.0-78.EL
  • XFree86-sdk-0:4.3.0-78.EL
  • XFree86-syriac-fonts-0:4.3.0-78.EL
  • XFree86-tools-0:4.3.0-78.EL
  • XFree86-truetype-fonts-0:4.3.0-78.EL
  • XFree86-twm-0:4.3.0-78.EL
  • XFree86-xauth-0:4.3.0-78.EL
  • XFree86-xdm-0:4.3.0-78.EL
  • XFree86-xfs-0:4.3.0-78.EL
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
refmap via4
bid 11694
confirm http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
debian DSA-607
fedora
  • FEDORA-2004-433
  • FLSA-2006:152803
gentoo
  • GLSA-200411-28
  • GLSA-200502-06
  • GLSA-200502-07
hp HPSBTU01228
mandrake MDKSA-2004:137
secunia 13224
ubuntu
  • USN-83-1
  • USN-83-2
xf
  • libxpm-command-execution(18145)
  • libxpm-directory-traversal(18146)
  • libxpm-dos(18147)
  • libxpm-image-bo(18142)
  • libxpm-improper-memory-access(18144)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 11-10-2017 - 01:29
Published 10-01-2005 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top