CVE-2004-0914

Description

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Affected products

• gentoo / linux
• lesstif / lesstif0.93.12 – 0.93.12
• lesstif / lesstif0.93.18 – 0.93.18
• lesstif / lesstif0.93.34 – 0.93.34
• lesstif / lesstif0.93.36 – 0.93.36
• lesstif / lesstif0.93.40 – 0.93.40
• lesstif / lesstif0.93.91 – 0.93.91
• lesstif / lesstif0.93.94 – 0.93.94
• lesstif / lesstif0.93.96 – 0.93.96
• lesstif / lesstif0.93 – 0.93
• RedHat / fedora_corecore_3.0 – core_3.0
• RedHat / fedora_corecore_2.0 – core_2.0
• SUSE / suse_linux9.2 – 9.2
• SUSE / suse_linux1.0 – 1.0
• SUSE / suse_linux8 – 8
• SUSE / suse_linux8.1 – 8.1
• SUSE / suse_linux8.2 – 8.2
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.1 – 9.1
• xfree86_project / x11r64.0.2.11 – 4.0.2.11
• xfree86_project / x11r64.0.3 – 4.0.3
• xfree86_project / x11r64.1.0 – 4.1.0
• xfree86_project / x11r64.1.11 – 4.1.11
• xfree86_project / x11r64.1.12 – 4.1.12
• xfree86_project / x11r64.2.0 – 4.2.0
• xfree86_project / x11r64.2.1 – 4.2.1
• xfree86_project / x11r64.2.1 – 4.2.1
• xfree86_project / x11r64.3.0 – 4.3.0
• xfree86_project / x11r63.3 – 3.3
• xfree86_project / x11r63.3.6 – 3.3.6
• xfree86_project / x11r64.0 – 4.0
• xfree86_project / x11r64.0.1 – 4.0.1
• xfree86_project / x11r63.3.2 – 3.3.2
• xfree86_project / x11r63.3.3 – 3.3.3
• xfree86_project / x11r63.3.4 – 3.3.4
• xfree86_project / x11r63.3.5 – 3.3.5
• X.Org / x11r66.8.1 – 6.8.1
• X.Org / x11r66.8 – 6.8
• X.Org / x11r66.7.0 – 6.7.0

References

• MISChttp://www.redhat.com/support/errata/RHSA-2005-004.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18146
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-83-1
• MISChttp://rhn.redhat.com/errata/RHSA-2004-537.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18142
• VENDOR_ADVISORYhttp://secunia.com/advisories/13224/
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
• MISChttp://www.linuxsecurity.com/content/view/106877/102/
• MISChttp://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
• MISChttp://www.redhat.com/support/errata/RHSA-2004-610.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18144
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
• MISChttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-607
• MISChttp://www.securityfocus.com/bid/11694
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-83-2
• MISChttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:137
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18147
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18145