7.5

CVE-2004-0688

EPSS 16.03%
Published 20.10.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 26

Data is provided by the National Vulnerability Database (NVD)

X.Org ≫ X11r6 Version6.7.0

X.Org ≫ X11r6 Version6.8

Xfree86 Project ≫ X11r6 Version3.3.6

Xfree86 Project ≫ X11r6 Version4.0

Xfree86 Project ≫ X11r6 Version4.0.1

Xfree86 Project ≫ X11r6 Version4.0.2.11

Xfree86 Project ≫ X11r6 Version4.0.3

Xfree86 Project ≫ X11r6 Version4.1.0

Xfree86 Project ≫ X11r6 Version4.1.11

Xfree86 Project ≫ X11r6 Version4.1.12

Xfree86 Project ≫ X11r6 Version4.2.0

Xfree86 Project ≫ X11r6 Version4.2.1

Xfree86 Project ≫ X11r6 Version4.2.1 Editionerrata

Xfree86 Project ≫ X11r6 Version4.3.0

Openbsd ≫ Openbsd Version3.4

Openbsd ≫ Openbsd Version3.5

Suse ≫ Suse Linux Version8 Editionenterprise_server

Suse ≫ Suse Linux Version8.1

Suse ≫ Suse Linux Version8.2

Suse ≫ Suse Linux Version9.0

Suse ≫ Suse Linux Version9.0 Editionenterprise_server

Suse ≫ Suse Linux Version9.0 Editionx86_64

Suse ≫ Suse Linux Version9.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	16.03%	0.942

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924

http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

http://marc.info/?l=bugtraq&m=109530851323415&w=2

http://scary.beasts.org/security/CESA-2004-003.txt

http://secunia.com/advisories/20235

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1

http://www.debian.org/security/2004/dsa-560

http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml

http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2004:098

http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html

http://www.redhat.com/support/errata/RHSA-2004-537.html

http://www.redhat.com/support/errata/RHSA-2005-004.html

http://www.securityfocus.com/archive/1/434715/100/0/threaded

http://www.securityfocus.com/bid/11196

Patch

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA05-136A.html

US Government Resource

http://www.vupen.com/english/advisories/2006/1914

https://usn.ubuntu.com/27-1/

http://www.kb.cert.org/vuls/id/537878

US Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/17416

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796

https://nvd.nist.gov/vuln/detail/CVE-2004-0688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0688

EUVD