Vulnerability Note VU#537878
libXpm library contains multiple integer overflow vulnerabilities
libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
XPM is a format for encoding and decoding X PixMap images that is used in the X Windows System 11 (X11). libXpm is a library of functions used to manipulate XPM images. Multiple libXpmroutines contain integer overflow vulnerabilities including, but not necessarily limited to, the following functions:
Any program that uses the libXpm library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.
Specific impacts depend on the application and libXpm routine being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.
Apply a Patch for X11 Version 6.8.0
This issue has been fixed in X11 version 6.8.1.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian||Affected||23 Sep 2004||11 Oct 2004|
|FreeBSD||Affected||23 Sep 2004||11 Oct 2004|
|Hewlett-Packard Company||Affected||23 Sep 2004||06 Oct 2005|
|SuSE Inc.||Affected||23 Sep 2004||11 Oct 2004|
|Apple Computer Inc.||Unknown||-||11 Oct 2004|
|BSDI||Unknown||-||11 Oct 2004|
|Connectiva||Unknown||-||11 Oct 2004|
|Cray Inc.||Unknown||-||11 Oct 2004|
|EMC Corporation||Unknown||-||11 Oct 2004|
|Engarde||Unknown||-||11 Oct 2004|
|F5 Networks||Unknown||-||11 Oct 2004|
|Fujitsu||Unknown||-||11 Oct 2004|
|Gentoo||Unknown||-||11 Oct 2004|
|Hitachi||Unknown||-||11 Oct 2004|
|IBM||Unknown||23 Sep 2004||11 Oct 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by Chris Evans.
This document was written by Jeffrey Gennari.
- CVE IDs: CAN-2004-0688
- Date Public: 16 Sep 2004
- Date First Published: 30 Sep 2004
- Date Last Updated: 06 Oct 2005
- Severity Metric: 2.82
- Document Revision: 225
If you have feedback, comments, or additional information about this vulnerability, please send us email.