CVE-2004-0914
NONE EPSS 94.5%
Published Jan 10, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)
Description
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
Threat Intelligence
EPSS Exploit Probability
94.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 40
| Vendor | Product | Version | Range |
|---|---|---|---|
| lesstif | lesstif | 0.93 | any |
| lesstif | lesstif | 0.93.12 | any |
| lesstif | lesstif | 0.93.18 | any |
| lesstif | lesstif | 0.93.34 | any |
| lesstif | lesstif | 0.93.36 | any |
| lesstif | lesstif | 0.93.40 | any |
| lesstif | lesstif | 0.93.91 | any |
| lesstif | lesstif | 0.93.94 | any |
| lesstif | lesstif | 0.93.96 | any |
| x.org | x11r6 | 6.7.0 | any |
| x.org | x11r6 | 6.8 | any |
| x.org | x11r6 | 6.8.1 | any |
| xfree86_project | x11r6 | 3.3 | any |
| xfree86_project | x11r6 | 3.3.2 | any |
| xfree86_project | x11r6 | 3.3.3 | any |
| xfree86_project | x11r6 | 3.3.4 | any |
| xfree86_project | x11r6 | 3.3.5 | any |
| xfree86_project | x11r6 | 3.3.6 | any |
| xfree86_project | x11r6 | 4.0 | any |
| xfree86_project | x11r6 | 4.0.1 | any |
| xfree86_project | x11r6 | 4.0.2.11 | any |
| xfree86_project | x11r6 | 4.0.3 | any |
| xfree86_project | x11r6 | 4.1.0 | any |
| xfree86_project | x11r6 | 4.1.11 | any |
| xfree86_project | x11r6 | 4.1.12 | any |
| xfree86_project | x11r6 | 4.2.0 | any |
| xfree86_project | x11r6 | 4.2.1 | any |
| xfree86_project | x11r6 | 4.2.1 | any |
| xfree86_project | x11r6 | 4.3.0 | any |
| gentoo | linux | * | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| suse | suse_linux | 1.0 | any |
| suse | suse_linux | 8 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
References 22
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2004-537.html
- secunia.com http://secunia.com/advisories/13224/
- debian.org http://www.debian.org/security/2004/dsa-607
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
- linuxsecurity.com http://www.linuxsecurity.com/content/view/106877/102/
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
- redhat.com http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2004-610.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-004.html
- securityfocus.com http://www.securityfocus.com/bid/11694
- ubuntu.com http://www.ubuntu.com/usn/usn-83-1
- ubuntu.com http://www.ubuntu.com/usn/usn-83-2
- x.org http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
- www1.itrc.hp.com http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Remediation
- debian.org http://www.debian.org/security/2004/dsa-607
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
- securityfocus.com http://www.securityfocus.com/bid/11694