Bug 135080 - CAN-2004-0687 buffer overflows in libXpm
Summary: CAN-2004-0687 buffer overflows in libXpm
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: lesstif
Version: 2
Hardware: All Linux
Priority: medium
Severity: medium
Assignee: Thomas Woerner
Whiteboard: impact=moderate,public=20041007
Keywords: Security
Duplicates: 136981
Blocks: CVE-2004-0687
Reported: 2004-10-08 14:59 UTC by Josh Bressers
Modified: 2008-01-28 16:01 UTC
Doc Type: Bug Fix
Last Closed: 2005-08-19 20:47:05 UTC

Description Josh Bressers 2004-10-08 14:59:36 UTC
Multiple stack-based buffer overflows in (1) xpmParseColors in
parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in
parse.c for libXpm before 6.8.1 allow remote attackers to execute
arbitrary code via a malformed XPM image file.

This library itself is contained in lesstif.

Comment 1 Mark J. Cox 2004-10-27 10:04:15 UTC
*** Bug 136981 has been marked as a duplicate of this bug. ***

Comment 2 Marius Andreiana 2005-08-19 20:47:05 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

lesstif is no longer included in FC4 or extras. Please report the problem
upstream if still present.

