Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X11r6 | X.org | 6.7.0 | 6.7.0 |
| X11r6 | X.org | 6.8 | 6.8 |
| X11r6 | Xfree86_project | 3.3.6 | 3.3.6 |
| X11r6 | Xfree86_project | 4.0 | 4.0 |
| X11r6 | Xfree86_project | 4.0.1 | 4.0.1 |
| X11r6 | Xfree86_project | 4.0.2.11 | 4.0.2.11 |
| X11r6 | Xfree86_project | 4.0.3 | 4.0.3 |
| X11r6 | Xfree86_project | 4.1.0 | 4.1.0 |
| X11r6 | Xfree86_project | 4.1.11 | 4.1.11 |
| X11r6 | Xfree86_project | 4.1.12 | 4.1.12 |
| X11r6 | Xfree86_project | 4.2.0 | 4.2.0 |
| X11r6 | Xfree86_project | 4.2.1 | 4.2.1 |
| X11r6 | Xfree86_project | 4.2.1 | 4.2.1 |
| X11r6 | Xfree86_project | 4.3.0 | 4.3.0 |
| Red Hat Enterprise Linux 2.1 | RedHat | XFree86 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | lesstif | * |
| Red Hat Enterprise Linux 3 | RedHat | XFree86-0:4.3.0-69.EL | * |
| Red Hat Enterprise Linux 3 | RedHat | openmotif-0:2.2.3-4.RHEL3.4 | * |
| Red Hat Enterprise Linux 3 | RedHat | openmotif21-0:2.1.30-9.RHEL3.4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | jabberd-0:2.0s10-3.38.rhn | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | jfreechart-0:0.9.20-3.rhn | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | openmotif21-0:2.1.30-11.RHEL4.6 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | perl-Crypt-CBC-0:2.24-1.el4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-modjk-0:1.2.23-2rhn.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-modperl-0:1.29-16.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-modssl-0:2.8.12-8.rhn.10.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | tomcat5-0:5.0.30-0jpp_10rh | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | jabberd-0:2.0s10-3.37.rhn | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | jfreechart-0:0.9.20-3.rhn | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | openmotif21-0:2.1.30-9.RHEL3.8 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | perl-Crypt-CBC-0:2.24-1.el3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-modjk-0:1.2.23-2rhn.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-modperl-0:1.29-16.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-modssl-0:2.8.12-8.rhn.10.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | tomcat5-0:5.0.30-0jpp_10rh | * |
| Lesstif1-1 | Ubuntu | dapper | * |
| Lesstif1-1 | Ubuntu | edgy | * |
| Lesstif2 | Ubuntu | dapper | * |
| Lesstif2 | Ubuntu | devel | * |
| Lesstif2 | Ubuntu | edgy | * |
| Lesstif2 | Ubuntu | feisty | * |
| Openmotif | Ubuntu | dapper | * |
| Openmotif | Ubuntu | devel | * |
| Openmotif | Ubuntu | edgy | * |
| Openmotif | Ubuntu | feisty | * |