Lucene search
SuseSUSE-SA:2004:034HistorySep 17, 2004 - 1:37 p.m.
remote command execution in XFree86-libs, xshared
2004-09-1713:37:17
lists.opensuse.org
17
0.965 High
EPSS
Percentile
99.5%
Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() as well as ParsePixels() is vulnerable to a stack-based buffer overflow too. Additionally Matthieu Herrb found two one-byte buffer overflows.
Solution
There is no workaround known.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | x86_64 | xfree86-libs | < 4.3.99.902-43.31 | XFree86-libs-4.3.99.902-43.31.x86_64.rpm |
| openSUSE | 9.1 | i586 | xfree86-libs | < 4.3.99.902-43.31 | XFree86-libs-4.3.99.902-43.31.i586.rpm |
| openSUSE | 9.0 | x86_64 | xfree86-libs | < 4.3.0.1-55 | XFree86-libs-4.3.0.1-55.x86_64.rpm |
| openSUSE | 9.0 | i586 | xfree86-libs | < 4.3.0.1-55 | XFree86-libs-4.3.0.1-55.i586.rpm |
| openSUSE | 8.2 | i586 | xfree86-libs | < 4.3.0-127 | XFree86-libs-4.3.0-127.i586.rpm |
| openSUSE | 8.1 | i586 | xshared | < 4.2.0-267 | xshared-4.2.0-267.i586.rpm |
Related
suse
suse
remote code execution in gtk2, gdk-pixbuf
2004-09-17 10:02:50
remote denial-of-service in apache2
2004-09-15 15:46:39
remote DoS condition in apache2
2004-09-06 13:51:41
openvas
openvas
SLES9: Security update for Mozilla
2009-10-10 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
Slackware Advisory SSA:2004-223-01 Mozilla
2012-09-11 00:00:00
redhat
redhat
(RHSA-2004:421) mozilla security update
2004-08-04 00:00:00
(RHSA-2004:400) gaim security update
2004-09-07 00:00:00
(RHSA-2004:467) samba security update
2004-09-23 00:00:00
nessus
nessus
RHEL 2.1 / 3 : mozilla (RHSA-2004:421)
2004-08-05 00:00:00
Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)
2004-08-22 00:00:00
slackware
slackware
[slackware-security] Mozilla
2004-08-10 21:17:12
[slackware-security] gaim
2004-08-27 02:48:11
[slackware-security] samba DoS
2004-09-14 06:31:52
gentoo
gentoo
Gaim: New vulnerabilities
2004-08-27 00:00:00
X.org, XFree86: Integer and stack overflows in libXpm
2004-09-27 00:00:00
Samba: Denial of Service vulnerabilities
2004-09-13 00:00:00
freebsd
freebsd
samba3 DoS attack
2004-09-02 00:00:00
xpm -- image decoding vulnerabilities
2004-09-15 00:00:00
mozilla -- automated file upload
2004-04-28 00:00:00
osv
osv
lesstif1-1 - integer and stack overflows
2004-10-07 00:00:00
xfree86 - integer and stack overflows
2004-10-11 00:00:00
a2ps - unsanitised input
2004-12-20 00:00:00
cert
cert
libXpm library contains multiple integer overflow vulnerabilities
2004-09-30 00:00:00
Mozilla contains a buffer overflow in the SendUidl() function
2004-08-20 00:00:00
libXpm image library vulnerable to buffer overflow
2004-09-30 00:00:00
ubuntu
ubuntu
libxpm4 vulnerability
2004-11-18 00:00:00
debian
debian
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities
2004-10-07 13:32:27
[SECURITY] [DSA 561-1] New libxpm packages fix several vulnerabilities
2004-10-11 07:42:09
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities
2004-10-07 13:32:27
securityvulns
securityvulns
[ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
2004-08-25 00:00:00
[Full-Disclosure] iDEFENSE Security Advisory 09.13.04a: Samba nmbd Invalid Length Denial of Service Vulnerability
2004-09-14 00:00:00
MDKSA-2004:093 - Updated squid packages fix DoS vulnerability
2004-09-16 00:00:00
samba
samba
Samba 3.0.x Denial of Service Flaw
2004-09-13 00:00:00
cve
cve
checkpoint_advisories
checkpoint_advisories
Mozilla SOAPParameter Integer Overflow (CVE-2004-0722)
2010-03-15 00:00:00
Mozilla Firefox onunload SSL Certificate Spoofing (CVE-2004-0763)
2009-11-19 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve