CVE-2004-0688
NONE EPSS 93.6%
Published Oct 20, 200421y ago · Modified Jun 16, 20262w ago
Published Oct 20, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
Threat Intelligence
EPSS Exploit Probability
93.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 23
| Vendor | Product | Version | Range |
|---|---|---|---|
| x.org | x11r6 | 6.7.0 | any |
| x.org | x11r6 | 6.8 | any |
| xfree86_project | x11r6 | 3.3.6 | any |
| xfree86_project | x11r6 | 4.0 | any |
| xfree86_project | x11r6 | 4.0.1 | any |
| xfree86_project | x11r6 | 4.0.2.11 | any |
| xfree86_project | x11r6 | 4.0.3 | any |
| xfree86_project | x11r6 | 4.1.0 | any |
| xfree86_project | x11r6 | 4.1.11 | any |
| xfree86_project | x11r6 | 4.1.12 | any |
| xfree86_project | x11r6 | 4.2.0 | any |
| xfree86_project | x11r6 | 4.2.1 | any |
| xfree86_project | x11r6 | 4.2.1 | any |
| xfree86_project | x11r6 | 4.3.0 | any |
| openbsd | openbsd | 3.4 | any |
| openbsd | openbsd | 3.5 | any |
| suse | suse_linux | 8 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
References 23
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
- ftp.x.org http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
- lists.apple.com http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- marc.info http://marc.info/?l=bugtraq&m=109530851323415&w=2
- scary.beasts.org http://scary.beasts.org/security/CESA-2004-003.txt
- secunia.com http://secunia.com/advisories/20235
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
- debian.org http://www.debian.org/security/2004/dsa-560
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
- kb.cert.org http://www.kb.cert.org/vuls/id/537878
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
- novell.com http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
- redhat.com http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-537.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-004.html
- securityfocus.com http://www.securityfocus.com/archive/1/434715/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/11196
- us-cert.gov http://www.us-cert.gov/cas/techalerts/TA05-136A.html
- vupen.com http://www.vupen.com/english/advisories/2006/1914
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
- usn.ubuntu.com https://usn.ubuntu.com/27-1/
Remediation
- securityfocus.com http://www.securityfocus.com/bid/11196