CVE-2004-0688 Information
Description
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
Reference
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://marc.info/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://secunia.com/advisories/20235
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.debian.org/security/2004/dsa-560
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.kb.cert.org/vuls/id/537878
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://www.securityfocus.com/archive/1/434715/100/0/threaded
http://www.securityfocus.com/bid/11196
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
http://www.vupen.com/english/advisories/2006/1914
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11796
https://usn.ubuntu.com/27-1/