10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.348 Low
EPSS
Percentile
96.7%
LessTif provides libraries which implement the Motif industry standard
graphical user interface.
During a source code audit, Chris Evans discovered several stack overflow
flaws and an integer overflow flaw in the libXpm library used to decode XPM
(X PixMap) images. A vulnerable version of this library was found within
Lesstif. An attacker could create a carefully crafted XPM file which would
cause an application to crash or potentially execute arbitrary code if
opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0687,CAN-2004-0688, and
CAN-2004-0914 to these issues.
Users of LessTif are advised to upgrade to this erratum package, which
contains backported security patches to the embedded libXpm library.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | lesstif | < 0.93.15-4.AS21.4 | lesstif-0.93.15-4.AS21.4.i386.rpm |
RedHat | any | ia64 | lesstif-devel | < 0.93.15-4.AS21.4 | lesstif-devel-0.93.15-4.AS21.4.ia64.rpm |
RedHat | any | ia64 | lesstif | < 0.93.15-4.AS21.4 | lesstif-0.93.15-4.AS21.4.ia64.rpm |
RedHat | any | i386 | lesstif-devel | < 0.93.15-4.AS21.4 | lesstif-devel-0.93.15-4.AS21.4.i386.rpm |