CVE-2004-0688
published 2004-10-20

Priority: P335 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 7.25% (93.6th percentile)

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Affected

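30 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtk+2.0 | < gtk+2.0 2.4.9-2 (bookworm) | gtk+2.0 2.4.9-2 (bookworm) |
| gnome | gdkpixbuf | | |
| gnome | gdkpixbuf | | |
| gnome | gdkpixbuf | | |
| gnome | gdkpixbuf | | |
| gnome | gtk | | |
| gnome | gtk | | |
| gnome | gtk | | |
| gnome | gtk | | |
| gnome | gtk | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| suse | suse_linux | | |
| suse | suse_linux | | |
| suse | suse_linux | | |
| suse | suse_linux | | |
| suse | suse_linux | | |
| x.org | x11r6 | | |
| x.org | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |
| xfree86_project | x11r6 | | |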

CVSS provenance

nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
vendor_redhat · 7.5 · HIGH