CVE-2004-0914: Path Traversal in Project X11r6

10 documents, 6 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 2.2% (top 15.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 10; latest update Apr 29

Description

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into o

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (5 packages)

NVD: xfree86_project/x11r6, 16 versions (+15)
NVD: x.org/x11r6, 6.7.0, 6.8, 6.8.1 (+2)
NVD: lesstif/lesstif, 9 versions (+8)
NVD: suse/suse_linux, 7 versions (+6)
NVD: redhat/fedora_core, core_2.0, core_3.0 (+1)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-p8cv-44qj-63q8: Multiple vulnerabilities in libXpm for 6 (2022-04-29)
CVEList: CVE-2004-0914: Multiple vulnerabilities in libXpm for 6 (2004-12-15)

📋 Vendor Advisories (3)

Ubuntu: LessTif 1 vulnerabilities (2005-09-13)
Ubuntu: LessTif 2 vulnerabilities (2005-02-16)
Red Hat: openmotif21 stack overflows in libxpm (2004-09-15)

💬 Community (2)

Bugzilla: CVE-2004-0914 openmotif21 stack overflows in libxpm (2008-01-28)
Bugzilla: CAN-2004-0687 libxpm flaws affect OpenMotif (CAN-2004-0688, CAN-2004-0914) (2004-10-05)