Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200502-06
HistoryFeb 06, 2005 - 12:00 a.m.

LessTif: Multiple vulnerabilities in libXpm

2005-02-0600:00:00
Gentoo Foundation
security.gentoo.org
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.088 Low

EPSS

Percentile

94.5%

JSON

Background

LessTif is a clone of OSF/Motif, which is a standard user interface toolkit available on Unix and Linux.

Description

Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes libXpm, suffers from the same issues.

Impact

A carefully-crafted XPM file could crash applications making use of the LessTif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All LessTif users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-libs/lesstif< 0.94.0UNKNOWN

Related

osv 2
nessus 19
securityvulns 1
debian 4
openvas 13
ubuntu 2
ubuntucve 1
cve 1
gentoo 2
redhat 5
freebsd 1
osv
osv
xfree86 - several
2004-12-10 00:00:00
xfree86 - integer overflow
2005-09-19 00:00:00
nessus
nessus
Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-83-2)
2006-01-15 00:00:00
RHEL 3 : XFree86 (RHSA-2004:612)
2004-12-21 00:00:00
RHEL 2.1 : XFree86 (RHSA-2004:610)
2004-12-20 00:00:00
securityvulns
securityvulns
[Full-Disclosure] [USN-83-1] LessTif 2 vulnerabilities
2005-02-16 00:00:00
debian
debian
[SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilities
2004-12-10 11:50:24
[SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilities
2004-12-10 11:50:24
[SECURITY] [DSA 816-1] New XFree86 packages fix arbitrary code execution
2005-09-22 08:57:47
openvas
openvas
Debian Security Advisory DSA 607-1 (xfree86)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-83-2)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200411-28 (X.Org, XFree86)
2008-09-24 00:00:00
ubuntu
ubuntu
LessTif 1 vulnerabilities
2005-09-13 00:00:00
LessTif 2 vulnerabilities
2005-02-16 00:00:00
ubuntucve
ubuntucve
CVE-2004-0914
2005-01-10 00:00:00
cve
cve
CVE-2004-0914
2005-01-10 05:00:00
gentoo
gentoo
X.Org, XFree86: libXpm vulnerabilities
2004-11-19 00:00:00
OpenMotif: Multiple vulnerabilities in libXpm
2005-02-07 00:00:00
redhat
redhat
(RHSA-2004:612) XFree86 security update
2004-12-20 00:00:00
(RHSA-2004:610) XFree86 security update
2004-12-20 00:00:00
(RHSA-2004:537) openmotif security update
2004-12-02 00:00:00
freebsd
freebsd
linux_base -- vulnerabilities in Red Hat 7.1 libraries
2004-09-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.088 Low

EPSS

Percentile

94.5%

JSON
Related for GLSA-200502-06
osv2nessus19securityvulns1debian4openvas13ubuntu2ubuntucve1cve1gentoo2redhat5freebsd1