FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0687

This CVE name corresponds to:

Entered Topic
2005-06-01 linux_base -- vulnerabilities in Red Hat 7.1 libraries
2004-09-15 xpm -- image decoding vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0687
Phase Assigned (20040713)

Description

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

References

Source Reference
BUGTRAQ 20040915 CESA-2004-004: libXpm
MISC http://scary.beasts.org/security/CESA-2004-003.txt
CONFIRM http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
APPLE APPLE-SA-2005-05-03
CONECTIVA CLA-2005:924
DEBIAN DSA-560
FEDORA FLSA-2006:152803
GENTOO GLSA-200409-34
GENTOO GLSA-200502-07
HP HPSBUX02119
HP SSRT4848
MANDRAKE MDKSA-2004:098
REDHAT RHSA-2004:537
REDHAT RHSA-2005:004
SUNALERT 57653
SUSE SUSE-SA:2004:034
UBUNTU USN-27-1
CERT TA05-136A
CERT-VN VU#882750
BID 11196
OVAL oval:org.mitre.oval:def:9187
VUPEN ADV-2006-1914
SECUNIA 20235
XF libxpm-multiple-stack-bo(17414)