CVE

CVE-2004-0687

Date: (C)2004-10-20   (M)2023-12-22

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

BID-11196

http://marc.info/?l=bugtraq&m=109530851323415&w=2

SECUNIA-20235

SUNALERT-57653

ADV-2006-1914

APPLE-SA-2005-05-03

CLA-2005:924

DSA-560

FLSA-2006:152803

GLSA-200409-34

GLSA-200502-07

HPSBUX02119

MDKSA-2004:098

RHSA-2004:537

RHSA-2005:004

SUSE-SA:2004:034

TA05-136A

USN-27-1

VU#882750

http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html

http://scary.beasts.org/security/CESA-2004-003.txt

libxpm-multiple-stack-bo(17414)

oval:org.mitre.oval:def:9187