CVE-2004-0914

NONE EPSS 94.5%
Published Jan 10, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Threat Intelligence

EPSS Exploit Probability
94.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 40

Vendor           Product      Version   Range
lesstif          lesstif      0.93      any
lesstif          lesstif      0.93.12   any
lesstif          lesstif      0.93.18   any
lesstif          lesstif      0.93.34   any
lesstif          lesstif      0.93.36   any
lesstif          lesstif      0.93.40   any
lesstif          lesstif      0.93.91   any
lesstif          lesstif      0.93.94   any
lesstif          lesstif      0.93.96   any
x.org            x11r6        6.7.0     any
x.org            x11r6        6.8       any
x.org            x11r6        6.8.1     any
xfree86_project  x11r6        3.3       any
xfree86_project  x11r6        3.3.2     any
xfree86_project  x11r6        3.3.3     any
xfree86_project  x11r6        3.3.4     any
xfree86_project  x11r6        3.3.5     any
xfree86_project  x11r6        3.3.6     any
xfree86_project  x11r6        4.0       any
xfree86_project  x11r6        4.0.1     any
xfree86_project  x11r6        4.0.2.11  any
xfree86_project  x11r6        4.0.3     any
xfree86_project  x11r6        4.1.0     any
xfree86_project  x11r6        4.1.11    any
xfree86_project  x11r6        4.1.12    any
xfree86_project  x11r6        4.2.0     any
xfree86_project  x11r6        4.2.1     any
xfree86_project  x11r6        4.2.1     any
xfree86_project  x11r6        4.3.0     any
gentoo           linux        *         any
redhat           fedora_core  core_2.0  any
redhat           fedora_core  core_3.0  any
suse             suse_linux   1.0       any
suse             suse_linux   8         any
suse             suse_linux   8.1       any
suse             suse_linux   8.2       any
suse             suse_linux   9.0       any
suse             suse_linux   9.0       any
suse             suse_linux   9.1       any
suse             suse_linux   9.2       any

References 22

Remediation

  • debian.org http://www.debian.org/security/2004/dsa-607
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/11694
    Patch, Vendor Advisory