CVE-2004-0688
7.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.292 Low
EPSS
Percentile
96.8%
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
lists.apple.com/archives/security-announce/2005/May/msg00001.html
marc.info/?l=bugtraq&m=109530851323415&w=2
scary.beasts.org/security/CESA-2004-003.txt
secunia.com/advisories/20235
sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
www.debian.org/security/2004/dsa-560
www.gentoo.org/security/en/glsa/glsa-200409-34.xml
www.gentoo.org/security/en/glsa/glsa-200502-07.xml
www.kb.cert.org/vuls/id/537878
www.mandriva.com/security/advisories?name=MDKSA-2004:098
www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
www.redhat.com/support/errata/RHSA-2004-537.html
www.redhat.com/support/errata/RHSA-2005-004.html
www.securityfocus.com/archive/1/434715/100/0/threaded
www.securityfocus.com/bid/11196
www.us-cert.gov/cas/techalerts/TA05-136A.html
www.vupen.com/english/advisories/2006/1914
exchange.xforce.ibmcloud.com/vulnerabilities/17416
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
usn.ubuntu.com/27-1/
Related
7.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.292 Low
EPSS
Percentile
96.8%