ID CVE-2004-0687
Summary Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:18:26.525-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
family unix
id oval:org.mitre.oval:def:9187
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
version 29
redhat via4
advisories
  • rhsa
    id RHSA-2004:537
  • rhsa
    id RHSA-2005:004
rpms
  • XFree86-0:4.3.0-69.EL
  • XFree86-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-69.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-69.EL
  • XFree86-Mesa-libGL-0:4.3.0-69.EL
  • XFree86-Mesa-libGLU-0:4.3.0-69.EL
  • XFree86-Xnest-0:4.3.0-69.EL
  • XFree86-Xvfb-0:4.3.0-69.EL
  • XFree86-base-fonts-0:4.3.0-69.EL
  • XFree86-cyrillic-fonts-0:4.3.0-69.EL
  • XFree86-devel-0:4.3.0-69.EL
  • XFree86-doc-0:4.3.0-69.EL
  • XFree86-font-utils-0:4.3.0-69.EL
  • XFree86-libs-0:4.3.0-69.EL
  • XFree86-libs-data-0:4.3.0-69.EL
  • XFree86-sdk-0:4.3.0-69.EL
  • XFree86-syriac-fonts-0:4.3.0-69.EL
  • XFree86-tools-0:4.3.0-69.EL
  • XFree86-truetype-fonts-0:4.3.0-69.EL
  • XFree86-twm-0:4.3.0-69.EL
  • XFree86-xauth-0:4.3.0-69.EL
  • XFree86-xdm-0:4.3.0-69.EL
  • XFree86-xfs-0:4.3.0-69.EL
  • openmotif-0:2.2.3-4.RHEL3.4
  • openmotif-debuginfo-0:2.2.3-4.RHEL3.4
  • openmotif-devel-0:2.2.3-4.RHEL3.4
  • openmotif21-0:2.1.30-9.RHEL3.4
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.4
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
refmap via4
apple APPLE-SA-2005-05-03
bid 11196
bugtraq 20040915 CESA-2004-004: libXpm
cert TA05-136A
cert-vn VU#882750
conectiva CLA-2005:924
confirm http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
debian DSA-560
fedora FLSA-2006:152803
gentoo
  • GLSA-200409-34
  • GLSA-200502-07
hp
  • HPSBUX02119
  • SSRT4848
mandrake MDKSA-2004:098
misc http://scary.beasts.org/security/CESA-2004-003.txt
secunia 20235
sunalert 57653
suse SUSE-SA:2004:034
ubuntu USN-27-1
vupen ADV-2006-1914
xf libxpm-multiple-stack-bo(17414)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-10-2018 - 15:30
Published 20-10-2004 - 04:00
Last modified 19-10-2018 - 15:30
Back to Top