7.5

CVE-2004-0688

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgX11r6 Version6.7.0
X.OrgX11r6 Version6.8
Xfree86 ProjectX11r6 Version3.3.6
Xfree86 ProjectX11r6 Version4.0
Xfree86 ProjectX11r6 Version4.0.1
Xfree86 ProjectX11r6 Version4.0.2.11
Xfree86 ProjectX11r6 Version4.0.3
Xfree86 ProjectX11r6 Version4.1.0
Xfree86 ProjectX11r6 Version4.1.11
Xfree86 ProjectX11r6 Version4.1.12
Xfree86 ProjectX11r6 Version4.2.0
Xfree86 ProjectX11r6 Version4.2.1
Xfree86 ProjectX11r6 Version4.2.1 Editionerrata
Xfree86 ProjectX11r6 Version4.3.0
OpenbsdOpenbsd Version3.4
OpenbsdOpenbsd Version3.5
SuseSuse Linux Version8 Editionenterprise_server
SuseSuse Linux Version8.1
SuseSuse Linux Version8.2
SuseSuse Linux Version9.0
SuseSuse Linux Version9.0 Editionenterprise_server
SuseSuse Linux Version9.0 Editionx86_64
SuseSuse Linux Version9.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.25% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://marc.info/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://secunia.com/advisories/20235
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.debian.org/security/2004/dsa-560
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.securityfocus.com/archive/1/434715/100/0/threaded
http://www.securityfocus.com/bid/11196
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
US Government Resource
http://www.vupen.com/english/advisories/2006/1914
https://usn.ubuntu.com/27-1/
http://www.kb.cert.org/vuls/id/537878
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796