CVE-2004-0914
published 2005-01-10

Priority P431 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.70% (94.5th percentile)
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Affected

37 ranges · showing 25
Vendor | Product | Version range | Fixed in
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
lesstif | lesstif
redhat | fedora_core
redhat | fedora_core
suse | suse_linux
suse | suse_linux
suse | suse_linux
suse | suse_linux
suse | suse_linux
suse | suse_linux
suse | suse_linux
x.org | x11r6
x.org | x11r6
x.org | x11r6
xfree86_project | x11r6
xfree86_project | x11r6
xfree86_project | x11r6
xfree86_project | x11r6

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat | 10.0 | CRITICAL