SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#537878

libXpm library contains multiple integer overflow vulnerabilities

Overview

libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

I. Description

XPM is a format for encoding and decoding X PixMap images that is used in the X Windows System 11 (X11). libXpm is a library of functions used to manipulate XPM images. Multiple libXpmroutines contain integer overflow vulnerabilities including, but not necessarily limited to, the following functions:
  • xpmParseColors
  • XpmCreateImageFromXpmImage
  • CreateXImage
  • ParsePixels
  • ParseAndPutPixels
  • ParsePixels
    These issues are the result of insufficient validation of user-supplied data. Consequently, an attacker may be able to exploit these vulnerabilities by supplying an application using libXpm with a specially crafted XPM image. Applications that receive input from remote sources may be remotely exploitable.

    Any program that uses the libXpm library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.

    II. Impact

    Specific impacts depend on the application and libXpm routine being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.

    III. Solution

    Apply a Patch for X11 Version 6.8.0


    The X.org Foundation has released a patch to address this issue in version 6.8.0. In addition, several vendors of relevant or derived implementations have released patches to address this vulnerability; please contact those vendors for further details.

      Upgrade X11

      This issue has been fixed in X11 version 6.8.1.

      Systems Affected
      VendorStatusDate NotifiedDate Updated
      Apple Computer Inc.Unknown11-Oct-2004
      BSDIUnknown11-Oct-2004
      ConnectivaUnknown11-Oct-2004
      Cray Inc.Unknown11-Oct-2004
      DebianVulnerable11-Oct-2004
      EMC CorporationUnknown11-Oct-2004
      EngardeUnknown11-Oct-2004
      F5 NetworksUnknown11-Oct-2004
      FreeBSDVulnerable11-Oct-2004
      FujitsuUnknown11-Oct-2004
      GentooUnknown11-Oct-2004
      Hewlett-Packard CompanyVulnerable6-Oct-2005
      HitachiUnknown11-Oct-2004
      IBMUnknown11-Oct-2004
      IBM-zSeriesUnknown11-Oct-2004
      IBM eServerUnknown11-Oct-2004
      ImmunixUnknown11-Oct-2004
      Ingrian NetworksUnknown11-Oct-2004
      Juniper NetworksUnknown11-Oct-2004
      MandrakeSoftUnknown11-Oct-2004
      MontaVista SoftwareUnknown11-Oct-2004
      NEC CorporationUnknown11-Oct-2004
      NETBSDUnknown11-Oct-2004
      NokiaUnknown11-Oct-2004
      NovellUnknown11-Oct-2004
      OpenBSDUnknown27-Sep-2004
      Openwall GNU/*/LinuxUnknown11-Oct-2004
      Red Hat Inc.Unknown11-Oct-2004
      SCOUnknown11-Oct-2004
      SequentUnknown11-Oct-2004
      SGIUnknown11-Oct-2004
      Sony CorporationUnknown11-Oct-2004
      Sun Microsystems Inc.Unknown11-Oct-2004
      SuSE Inc.Vulnerable11-Oct-2004
      TurboLinuxUnknown11-Oct-2004
      UnisysUnknown11-Oct-2004
      Wind River Systems Inc.Unknown11-Oct-2004
      X ConsortiumUnknown20-Sep-2004
      X11Unknown30-Sep-2004

      References


      http://scary.beasts.org/security/CESA-2004-003.txt
      http://secunia.com/advisories/12549/
      http://www.securitytracker.com/alerts/2004/Sep/1011324.html
      http://www.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch

      Credit

      This vulnerability was publicly reported by Chris Evans.

      This document was written by Jeffrey Gennari.

      Other Information

      Date Public:2004-09-16
      Date First Published:2004-09-30
      Date Last Updated:2005-10-06
      CERT Advisory: 
      CVE-ID(s):CAN-2004-0688
      NVD-ID(s):CAN-2004-0688
      US-CERT Technical Alerts: 
      Metric:2.82
      Document Revision:225

      If you have feedback, comments, or additional information about this vulnerability, please send us email.
       

      		 
      Page Corner Image
      Copyright 2004 Carnegie Mellon University
      Disclaimers and copyright information
      Get Adobe Reader Get Adobe Reader