FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0688

This CVE name corresponds to:

Entered     Topic
2005-06-01  linux_base -- vulnerabilities in Red Hat 7.1 libraries
2004-09-15  xpm -- image decoding vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2004-0688
Phase  Assigned (20040713)

Description

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

References

Source     Reference
BUGTRAQ    20040915 CESA-2004-004: libXpm
MISC       http://scary.beasts.org/security/CESA-2004-003.txt
CONFIRM    http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
APPLE      APPLE-SA-2005-05-03
CONECTIVA  CLA-2005:924
DEBIAN     DSA-560
FEDORA     FLSA-2006:152803
GENTOO     GLSA-200409-34
GENTOO     GLSA-200502-07
HP         HPSBUX02119
HP         SSRT4848
MANDRAKE   MDKSA-2004:098
REDHAT     RHSA-2004:537
REDHAT     RHSA-2005:004
SUNALERT   57653
SUSE       SUSE-SA:2004:034
UBUNTU     USN-27-1
CERT       TA05-136A
CERT-VN    VU#537878
BID        11196
OVAL       oval:org.mitre.oval:def:11796
VUPEN      ADV-2006-1914
SECUNIA    20235
XF         libxpm-xpmfile-integer-overflow(17416)