CVE-2004-0688

Sažetak

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://marc.info/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://secunia.com/advisories/20235
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.debian.org/security/2004/dsa-560
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.kb.cert.org/vuls/id/537878
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.securityfocus.com/archive/1/434715/100/0/threaded
http://www.securityfocus.com/bid/11196
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
http://www.vupen.com/english/advisories/2006/1914
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
https://usn.ubuntu.com/27-1/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:30

Objavljeno

20-10-2004 - 04:00