CVE-2004-0688

NONE · EPSS 93.6%
Published Oct 20, 2004 (21y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Threat Intelligence

EPSS Exploit Probability
93.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 23

Vendor            Product      Version    Range
x.org             x11r6        6.7.0      any
x.org             x11r6        6.8        any
xfree86_project   x11r6        3.3.6      any
xfree86_project   x11r6        4.0        any
xfree86_project   x11r6        4.0.1      any
xfree86_project   x11r6        4.0.2.11   any
xfree86_project   x11r6        4.0.3      any
xfree86_project   x11r6        4.1.0      any
xfree86_project   x11r6        4.1.11     any
xfree86_project   x11r6        4.1.12     any
xfree86_project   x11r6        4.2.0      any
xfree86_project   x11r6        4.2.1      any
xfree86_project   x11r6        4.2.1      any
xfree86_project   x11r6        4.3.0      any
openbsd           openbsd      3.4        any
openbsd           openbsd      3.5        any
suse              suse_linux   8          any
suse              suse_linux   8.1        any
suse              suse_linux   8.2        any
suse              suse_linux   9.0        any
suse              suse_linux   9.0        any
suse              suse_linux   9.0        any
suse              suse_linux   9.1        any

References 23

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
  • ftp.x.org http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
  • lists.apple.com http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
  • marc.info http://marc.info/?l=bugtraq&m=109530851323415&w=2
  • scary.beasts.org http://scary.beasts.org/security/CESA-2004-003.txt
  • secunia.com http://secunia.com/advisories/20235
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
  • debian.org http://www.debian.org/security/2004/dsa-560
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
  • kb.cert.org http://www.kb.cert.org/vuls/id/537878
    US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
  • novell.com http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
  • redhat.com http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2004-537.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-004.html
  • securityfocus.com http://www.securityfocus.com/archive/1/434715/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/11196
    Patch · Vendor Advisory
  • us-cert.gov http://www.us-cert.gov/cas/techalerts/TA05-136A.html
    US Government Resource
  • vupen.com http://www.vupen.com/english/advisories/2006/1914
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
  • usn.ubuntu.com https://usn.ubuntu.com/27-1/

Remediation