Vulnerability Details : CVE-2004-0688
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2004-0688
Probability of exploitation activity in the next 30 days: 29.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0688
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
Vendor statements for CVE-2004-0688
-
Red Hat 2007-03-14Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
- http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
- https://usn.ubuntu.com/27-1/
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
-
http://www.securityfocus.com/bid/11196
Patch;Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
US Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
-
http://www.kb.cert.org/vuls/id/537878
US Government Resource
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
- http://www.securityfocus.com/archive/1/434715/100/0/threaded
- http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
- http://www.debian.org/security/2004/dsa-560
- http://marc.info/?l=bugtraq&m=109530851323415&w=2
- http://www.redhat.com/support/errata/RHSA-2005-004.html
- http://www.redhat.com/support/errata/RHSA-2004-537.html
- http://scary.beasts.org/security/CESA-2004-003.txt
- http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
- http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
- http://www.vupen.com/english/advisories/2006/1914
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
- cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*