Vulnerability Description
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. The attacker does not need network access to the target: it is enough that a user opens (or an application auto-loads) a crafted XPM file through any program linked against a vulnerable libXpm, and the fields the parser trusts (colours per pixel, colour names, pixel rows) are all attacker-controlled.
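The advisory names the three functions but does not reproduce their code, so the block below is an added, illustrative parser for the XPM fields those functions consume (the values line, the colour entries, and the pixel rows); it is not libXpm source and makes no claim about the exact defective lines. The limits MAX_CPP, MAX_COLOR_NAME and MAX_DIM, all function names, and the sample lines are assumptions made for the example. It shows the bounds checks a hardened parser applies before copying attacker-controlled fields into fixed-size stack buffers, which is the class of bug the advisory describes.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative XPM parser (added example, not libXpm code). Input lines:
 *   "<width> <height> <ncolors> <cpp>"   values line
 *   "<cpp chars> c <colour name>"        one line per colour
 *   "<width * cpp chars>"                one line per pixel row
 * Every limit below is an assumption chosen for the example. */
#define MAX_CPP        8     /* chars per pixel we will handle */
#define MAX_COLOR_NAME 64    /* size of the colour-name buffer */
#define MAX_DIM        4096  /* upper bound on width and height */

typedef struct { unsigned width, height, ncolors, cpp; } xpm_hdr;

/* Parse one unsigned decimal field, rejecting signs and overflow. */
static int parse_uint(const char **p, unsigned *out) {
    const char *s = *p;
    char *end;
    unsigned long v;
    while (*s == ' ' || *s == '\t') s++;
    if (*s == '-' || *s == '+') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (end == s || errno != 0 || v > UINT_MAX) return -1;
    *p = end;
    *out = (unsigned)v;
    return 0;
}

/* Values line. Returns 0 on success, -1 if a field is missing or outside
 * the bounds the rest of the parser relies on. Unchecked cpp/ncolors
 * values are exactly what lets later copies run past stack buffers. */
int xpm_parse_values(const char *line, xpm_hdr *h) {
    const char *p = line;
    if (parse_uint(&p, &h->width) || parse_uint(&p, &h->height) ||
        parse_uint(&p, &h->ncolors) || parse_uint(&p, &h->cpp))
        return -1;
    if (h->width == 0 || h->height == 0 ||
        h->width > MAX_DIM || h->height > MAX_DIM)
        return -1;
    if (h->cpp == 0 || h->cpp > MAX_CPP || h->ncolors == 0)
        return -1;
    if (h->width > UINT_MAX / h->cpp)   /* width * cpp must not wrap */
        return -1;
    return 0;
}

/* Colour entry "<cpp chars> c <name>". sym must hold MAX_CPP + 1 bytes,
 * name MAX_COLOR_NAME bytes. Returns 0 on success, -1 if the line is
 * shorter than cpp, the key is not 'c', or the name would not fit. */
int xpm_parse_color(const char *line, unsigned cpp, char *sym, char *name) {
    if (cpp > MAX_CPP || strlen(line) < cpp)  /* never read past the line */
        return -1;
    memcpy(sym, line, cpp);
    sym[cpp] = '\0';
    const char *p = line + cpp;
    while (*p == ' ' || *p == '\t') p++;
    if (*p != 'c') return -1;                 /* only the 'c' key is modelled */
    p++;
    while (*p == ' ' || *p == '\t') p++;
    size_t nlen = strlen(p);
    if (nlen == 0 || nlen >= MAX_COLOR_NAME)  /* bounded copy, not strcpy */
        return -1;
    memcpy(name, p, nlen + 1);
    return 0;
}

/* Pixel row: must be exactly width * cpp characters and every symbol must
 * exist in symtab (ncolors entries of MAX_CPP + 1 bytes). 0 ok, -1 bad. */
int xpm_check_pixel_row(const char *row, const xpm_hdr *h,
                        char symtab[][MAX_CPP + 1]) {
    if (strlen(row) != (size_t)h->width * h->cpp)
        return -1;
    for (unsigned x = 0; x < h->width; x++) {
        const char *px = row + (size_t)x * h->cpp;
        int found = 0;
        for (unsigned c = 0; c < h->ncolors && !found; c++)
            found = memcmp(px, symtab[c], h->cpp) == 0;
        if (!found) return -1;               /* unknown symbol: malformed */
    }
    return 0;
}

int main(void) {
    /* Constructed sample: a 2x1 image with two one-character colours. */
    xpm_hdr h;
    char symtab[2][MAX_CPP + 1], name[MAX_COLOR_NAME];
    if (xpm_parse_values("2 1 2 1", &h)) return 1;
    if (xpm_parse_color(". c black", h.cpp, symtab[0], name)) return 1;
    if (xpm_parse_color("# c white", h.cpp, symtab[1], name)) return 1;
    printf("row ok: %d\n", xpm_check_pixel_row(".#", &h, symtab) == 0);
    /* Constructed malformed inputs of the kind the advisory describes. */
    printf("huge cpp rejected: %d\n", xpm_parse_values("2 1 2 65536", &h) != 0);
    printf("over-long row rejected: %d\n",
           xpm_check_pixel_row(".#.#", &h, symtab) != 0);
    return 0;
}
```

The design point is that every copy is sized by a value the parser has already validated against the buffer it targets, and that a row or colour line is checked against the header-derived length before a single byte is read from it; an image whose values line is accepted but whose later lines disagree with it is treated as malformed rather than trusted.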
CVSS Score
7.5 (HIGH), CVSS v2 base score
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X.Org | X11R6 | 6.7.0 |
| XFree86 Project | X11R6 | 3.3.6 |
| OpenBSD | OpenBSD | 3.4 |
| SUSE | SUSE Linux | 8 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
- http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- http://marc.info/?l=bugtraq&m=109530851323415&w=2
- http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-
- http://scary.beasts.org/security/CESA-2004-003.txt
- http://secunia.com/advisories/20235
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
- http://www.debian.org/security/2004/dsa-560
- http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
- http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
- http://www.kb.cert.org/vuls/id/882750
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
- http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htm
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
FAQ
What is CVE-2004-0687?
CVE-2004-0687 is a vulnerability with a CVSS v2 base score of 7.5 (HIGH). Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
How severe is CVE-2004-0687?
CVE-2004-0687 has been rated HIGH with a CVSS v2 base score of 7.5/10; only the base score is given on this page. Because the overflows are reached by parsing a file, the practical exposure is every application that loads untrusted XPM images through a vulnerable libXpm, and a successful overflow runs attacker-supplied code with that application's privileges.
Is there a patch for CVE-2004-0687?
Yes. The description gives libXpm 6.8.1 as the first fixed version, and the X.Org patch README linked in the references (README.xorg-CAN-2004-0687-0688.patch) covers the fix for the 6.8.0 release; distribution advisories for the affected products are also listed there. Affected products include: X.Org X11R6, XFree86 Project X11R6, OpenBSD, SUSE Linux.