Lucene search

Gentoo FoundationGLSA-200411-28

HistoryNov 19, 2004 - 12:00 a.m.

X.Org, XFree86: libXpm vulnerabilities

2004-11-1900:00:00

Gentoo Foundation

security.gentoo.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.088 Low

EPSS

Percentile

94.5%

JSON

Background

libXpm is a pixmap manipulation library for the X Window System, included in both X.Org and XFree86.

Description

Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop.

Impact

An attacker could craft a malicious pixmap file and entice a user to use it with an application linked against libXpm. This could lead to Denial of Service or arbitrary code execution.

Workaround

There is no known workaround at this time.

Resolution

All X.Org users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=x11-base/xorg-x11-6.7.0-r3"

All XFree86 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=x11-base/xfree-x11-4.3.0-r8"

OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-base/xorg-x11< 6.8.0-r3UNKNOWN
Gentooanyallx11-base/xfree< 4.3.0-r8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	x11-base/xorg-x11	< 6.8.0-r3	UNKNOWN
Gentoo	any	all	x11-base/xfree	< 4.3.0-r8	UNKNOWN

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.088 Low

EPSS

Percentile

94.5%

JSON

Related for GLSA-200411-28