CVE-2004-0688

12 documents6 sources

Severity

7.5HIGH

EPSS

16.0%

top 5.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openbsd Suse Suse Linux X.org X11r6 +1 more

Timeline

PublishedOct 20

Latest updateApr 29

Description

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDx.org/x11r66.7.0, 6.8+1

▶NVDopenbsd/openbsd3.4, 3.5+1

▶NVDsuse/suse_linux5 versions+4

▶NVDxfree86_project/x11r611 versions+10

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qmhp-j7pr-584c: Multiple integer overflows in (1) the xpmParseColors function in parse↗2022-04-29

▶

CVEList

CVE-2004-0688: Multiple integer overflows in (1) the xpmParseColors function in parse↗2004-09-24

▶

📋Vendor Advisories

Ubuntu

libxpm4 vulnerability↗2004-11-18

▶

Red Hat

openmotif21 stack overflows in libxpm↗2004-09-15

▶

Red Hat

security flaw↗2004-09-15

▶

💬Community

Bugzilla

CVE-2004-0783 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-0688 openmotif21 stack overflows in libxpm↗2008-01-28

▶

Bugzilla

CVE-2004-0687 openmotif21 stack overflows in libxpm↗2008-01-28

▶

Bugzilla

CAN-2004-0687 libxpm flaws affect OpenMotif (CAN-2004-0688, CAN-2004-0914)↗2004-10-05

▶