CVE-2004-0687
Published 2004-10-20
Priority: P337 high · CVSS 2.0: 7.5 · AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 8.05% (94.1th percentile)
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 0.22.0-7 (bookworm) | gdk-pixbuf 0.22.0-7 (bookworm) |
| debian | gtk+2.0 | < gdk-pixbuf 0.22.0-7 (bookworm) | gdk-pixbuf 0.22.0-7 (bookworm) |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdk-pixbuf | >= 0 < 0.22.0-7 | 0.22.0-7 |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| gnome | gdkpixbuf | — | — |
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| gnome | gtk | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| x.org | x11r6 | — | — |
| x.org | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
Ubuntu
libxpm4 vulnerability
vendor_ubuntu·2004-11-18
CVE-2004-0688 libxpm4 vulnerability
Chris Evans discovered several stack overflows in the versions of
libXpm shipped by X.Org, XFree86, and LessTif. These overflows
were fixed in the Warty development tree before its release.
Mathieu Herrb of OpenBSD subsequently discovered that the original
patch was insufficient to address these overflows, and thus the
version of libxpm4 shipped with Warty is still vulnerable to the
original overflows.
These overflows do not allow privilege escalation through the X
server; the overflows are in a client-side library, allowing
arbitrary code execution with the privileges of the user
viewing a malicious pixmap.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openmotif21 stack overflows in libxpm
vendor_redhat·2004-10-07·CVSS 7.5
CVE-2004-0687 [HIGH] openmotif21 stack overflows in libxpm
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
security flaw
vendor_redhat·2004-09-15·CVSS 7.5
CVE-2004-0782 [HIGH] security flaw
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
Debian
CVE-2004-0782: gdk-pixbuf - Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder f...
vendor_debian·2004·CVSS 7.5
CVE-2004-0782 [HIGH] CVE-2004-0782: gdk-pixbuf - Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder f...
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
Scope: local
bookworm: resolved (fixed in 0.22.0-7)
bullseye: resolved (fixed in 0.22.0-7)
forky: resolved (fixed in 0.22.0-7)
sid: resolved (fixed in 0.22.0-7)
trixie: resolved (fixed in 0.22.0-7)
GHSA
GHSA-3r6w-5wg8-cf38: Multiple stack-based buffer overflows in (1) xpmParseColors in parse
ghsa_unreviewed·2022-04-29
CVE-2004-0687 [HIGH] GHSA-3r6w-5wg8-cf38: Multiple stack-based buffer overflows in (1) xpmParseColors in parse
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
GHSA
GHSA-g6wq-qgq2-g3hg: Integer overflow in pixbuf_create_from_xpm (io-xpm
ghsa_unreviewed·2022-04-29·CVSS 7.5
CVE-2004-0782 [HIGH] GHSA-g6wq-qgq2-g3hg: Integer overflow in pixbuf_create_from_xpm (io-xpm
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
OSV
CVE-2004-0782: Integer overflow in pixbuf_create_from_xpm (io-xpm
osv·2004-10-20·CVSS 7.5
CVE-2004-0782 [HIGH] CVE-2004-0782: Integer overflow in pixbuf_create_from_xpm (io-xpm
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0782 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2004-0782 [HIGH] CVE-2004-0782 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
Bugzilla
CVE-2004-0687 openmotif21 stack overflows in libxpm
bugzilla·2008-01-28·CVSS 7.5
CVE-2004-0687 [HIGH] CVE-2004-0687 openmotif21 stack overflows in libxpm
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0687 to the following vulnerability:
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://www.debian.org/security/2004/dsa-560
http://www.r
Bugzilla
CVE-2004-0688 openmotif21 stack overflows in libxpm
bugzilla·2008-01-28·CVSS 7.5
CVE-2004-0688 [HIGH] CVE-2004-0688 openmotif21 stack overflows in libxpm
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0688 to the following vulnerability:
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://www.debian.org/s
Bugzilla
CAN-2004-0687 libxpm flaws affect OpenMotif (CAN-2004-0688, CAN-2004-0914)
bugzilla·2004-10-05
[MEDIUM] CAN-2004-0687 libxpm flaws affect OpenMotif (CAN-2004-0688, CAN-2004-0914)
During a source code audit, Chris Evans discovered several stack
overflow flaws and an integer overflow flaw in the libXpm library used
to decode XPM (X PixMap) images. A vulnerable version of this library
was found within OpenMotif. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially
execute arbitrary code if opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0687 and CAN-2004-0688 to these issues.
Thomas Woerner discovered that OpenMotif had embedded an old libxpm
library that is vulnerable to these issues.
CAN-2004-0687/8 Affects: 2.1AS 2.1ES 2.1WS 2.1AW
CAN-2004-0687/8 Affects: 3AS 3WS
References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://marc.info/?l=bugtraq&m=109530851323415&w=2
http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html
http://scary.beasts.org/security/CESA-2004-003.txt
http://secunia.com/advisories/20235
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.debian.org/security/2004/dsa-560
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.kb.cert.org/vuls/id/882750
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.securityfocus.com/archive/1/434715/100/0/threaded
http://www.securityfocus.com/bid/11196
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
http://www.vupen.com/english/advisories/2006/1914
https://exchange.xforce.ibmcloud.com/vulnerabilities/17414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187
https://usn.ubuntu.com/27-1/