CVE-2004-0688

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Published: Oct 20, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0688
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xfree86_project / x11r6	4.1.0	4.1.0.x
xfree86_project / x11r6	3.3.6	3.3.6.x
xfree86_project / x11r6	4.0.2.11	4.0.2.11.x
xfree86_project / x11r6	4.0.3	4.0.3.x
x.org / x11r6	6.7.0	6.7.0.x
xfree86_project / x11r6	4.3.0	4.3.0.x
xfree86_project / x11r6	4.2.1	4.2.1.x
x.org / x11r6	6.8	6.8.x
xfree86_project / x11r6	4.0	4.0.x
xfree86_project / x11r6	4.0.1	4.0.1.x
xfree86_project / x11r6	4.2.0	4.2.0.x
xfree86_project / x11r6	4.1.12	4.1.12.x
xfree86_project / x11r6	4.1.11	4.1.11.x
suse / suse_linux	9.0	9.0.x
suse / suse_linux	8.2	8.2.x
suse / suse_linux	8	8.x
suse / suse_linux	9.1	9.1.x
openbsd / openbsd	3.5	3.5.x
openbsd / openbsd	3.4	3.4.x
suse / suse_linux	8.1	8.1.x

Vulnerability Database

289,599

CVE-2004-0688