CVE-2004-0914

2005-01-1005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0914

libxpm

xfree86

vulnerability

remote attackers

sensitive information

denial of service

arbitrary code

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.088 Low

EPSS

Percentile

94.5%

JSON

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE’s content decisions.

CPENameOperatorVersion
xfree86_project:x11r6xfree86 project x11r6eq3.3.4
xfree86_project:x11r6xfree86 project x11r6eq4.1.0
xfree86_project:x11r6xfree86 project x11r6eq3.3.6
x.org:x11r6x.org x11r6eq6.8.1
xfree86_project:x11r6xfree86 project x11r6eq4.0.2.11
lesstif:lesstiflesstifeq0.93.96
lesstif:lesstiflesstifeq0.93.91
xfree86_project:x11r6xfree86 project x11r6eq4.0.3
lesstif:lesstiflesstifeq0.93.94
x.org:x11r6x.org x11r6eq6.7.0

CPE	Name	Operator	Version
xfree86_project:x11r6	xfree86 project x11r6	eq	3.3.4
xfree86_project:x11r6	xfree86 project x11r6	eq	4.1.0
xfree86_project:x11r6	xfree86 project x11r6	eq	3.3.6
x.org:x11r6	x.org x11r6	eq	6.8.1
xfree86_project:x11r6	xfree86 project x11r6	eq	4.0.2.11
lesstif:lesstif	lesstif	eq	0.93.96
lesstif:lesstif	lesstif	eq	0.93.91
xfree86_project:x11r6	xfree86 project x11r6	eq	4.0.3
lesstif:lesstif	lesstif	eq	0.93.94
x.org:x11r6	x.org x11r6	eq	6.7.0