Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0688 to the following vulnerability:

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

References:

http://marc.theaimsgroup.com/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://www.debian.org/security/2004/dsa-560
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
http://www.securityfocus.com/archive/1/archive/1/434715/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-004.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
http://www.ubuntulinux.org/support/documentation/usn/usn-27-1
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
http://www.kb.cert.org/vuls/id/537878
http://www.securityfocus.com/bid/11196
http://www.frsirt.com/english/advisories/2006/1914
http://secunia.com/advisories/20235
http://xforce.iss.net/xforce/xfdb/17416