CVE Vulnerabilities

CVE-2004-0688

Published: Oct 20, 2004 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Affected Software

Name Vendor Start Version End Version
X11r6 Xfree86_project 4.1.0 4.1.0
X11r6 Xfree86_project 3.3.6 3.3.6
X11r6 Xfree86_project 4.0.2.11 4.0.2.11
X11r6 Xfree86_project 4.0.3 4.0.3
X11r6 X.org 6.7.0 6.7.0
X11r6 Xfree86_project 4.3.0 4.3.0
X11r6 Xfree86_project 4.2.1 4.2.1
X11r6 X.org 6.8 6.8
X11r6 Xfree86_project 4.0 4.0
X11r6 Xfree86_project 4.0.1 4.0.1
X11r6 Xfree86_project 4.2.0 4.2.0
X11r6 Xfree86_project 4.1.12 4.1.12
X11r6 Xfree86_project 4.2.1 4.2.1
X11r6 Xfree86_project 4.1.11 4.1.11

References