Vulnerability Note VU#537878

libXpm library contains multiple integer overflow vulnerabilities

Original Release date: 30 Sep 2004 | Last revised: 06 Oct 2005

Overview

libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

Description

XPM is a format for encoding and decoding X PixMap images that is used in the X Window System, version 11 (X11). libXpm is a library of functions used to manipulate XPM images. Multiple libXpm routines contain integer overflow vulnerabilities including, but not necessarily limited to, the following functions:

  • xpmParseColors
  • XpmCreateImageFromXpmImage
  • CreateXImage
  • ParsePixels
  • ParseAndPutPixels

These issues are the result of insufficient validation of user-supplied data. Consequently, an attacker may be able to exploit these vulnerabilities by supplying an application using libXpm with a specially crafted XPM image. Applications that receive input from remote sources may be remotely exploitable.

Any program that uses the libXpm library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.
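The kind of validation whose absence is described above, as an added example that is not code from libXpm or from this note: sizes derived from the XPM values line ("width height ncolors cpp") are range-checked and multiplied with overflow checks, next to an unchecked 32-bit computation that wraps. The function names, the limits and the buffer layouts (4 bytes per pixel, cpp key characters plus a NUL per colour) are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
enum { MAX_DIM = 32767, MAX_COLORS = 65536, MAX_CPP = 8 };  /* assumed limits, not libXpm's */

/* Unchecked 32-bit sizing: the product wraps modulo 2^32 with no error. */
uint32_t unchecked_pixel_bytes(uint32_t w, uint32_t h) { return w * h * 4u; }

/* Parse one decimal field in 1..max; reject missing digits, negatives, overflow. */
static int parse_field(const char **s, uint32_t max, uint32_t *out)
{
    char *end;
    errno = 0;
    unsigned long long v = strtoull(*s, &end, 10);
    if (end == *s || errno == ERANGE || v == 0 || v > max) return -1;
    *out = (uint32_t)v;
    *s = end;
    return 0;
}

/* Store a * b in *out, or fail if the product does not fit in size_t. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return -1;
    *out = a * b;
    return 0;
}

/* Validate "width height ncolors cpp", then size both buffers; 0 ok, -1 reject. */
int xpm_safe_sizes(const char *line, size_t *pixel_bytes, size_t *color_bytes)
{
    uint32_t w, h, nc, cpp;
    size_t npix;
    if (parse_field(&line, MAX_DIM, &w) || parse_field(&line, MAX_DIM, &h) ||
        parse_field(&line, MAX_COLORS, &nc) || parse_field(&line, MAX_CPP, &cpp))
        return -1;
    if (mul_size(w, h, &npix) || mul_size(npix, sizeof(uint32_t), pixel_bytes) ||
        mul_size(nc, (size_t)cpp + 1, color_bytes))
        return -1;
    return 0;
}

int main(void)
{
    size_t px = 0, ct = 0;   /* constructed sample header below */
    int rc = xpm_safe_sizes("16 16 2 1", &px, &ct);
    printf("rc=%d px=%zu ct=%zu wrapped=%u\n", rc, px, ct, (unsigned)unchecked_pixel_bytes(65537u, 16384u));
    return rc;
}
```

The unchecked helper reports 65536 bytes for a 65537 x 16384 image that needs more than 4 GiB, which is the mismatch between allocated and written size that the checked path rejects up front.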

Impact

Specific impacts depend on the application and libXpm routine being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.

Solution

Apply a Patch for X11 Version 6.8.0

The X.org Foundation has released a patch to address this issue in version 6.8.0. In addition, several vendors of relevant or derived implementations have released patches to address this vulnerability; please contact those vendors for further details.

Upgrade X11

This issue has been fixed in X11 version 6.8.1.

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 23 Sep 2004 | 11 Oct 2004 |
| FreeBSD | Affected | 23 Sep 2004 | 11 Oct 2004 |
| Hewlett-Packard Company | Affected | 23 Sep 2004 | 06 Oct 2005 |
| SuSE Inc. | Affected | 23 Sep 2004 | 11 Oct 2004 |
| Apple Computer Inc. | Unknown | - | 11 Oct 2004 |
| BSDI | Unknown | - | 11 Oct 2004 |
| Conectiva | Unknown | - | 11 Oct 2004 |
| Cray Inc. | Unknown | - | 11 Oct 2004 |
| EMC Corporation | Unknown | - | 11 Oct 2004 |
| Engarde | Unknown | - | 11 Oct 2004 |
| F5 Networks | Unknown | - | 11 Oct 2004 |
| Fujitsu | Unknown | - | 11 Oct 2004 |
| Gentoo | Unknown | - | 11 Oct 2004 |
| Hitachi | Unknown | - | 11 Oct 2004 |
| IBM | Unknown | 23 Sep 2004 | 11 Oct 2004 |

If you are a vendor and your product is affected, let us know.

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |

Credit

This vulnerability was publicly reported by Chris Evans.

This document was written by Jeffrey Gennari.

Other Information

  • CVE IDs: CAN-2004-0688
  • Date Public: 16 Sep 2004
  • Date First Published: 30 Sep 2004
  • Date Last Updated: 06 Oct 2005
  • Severity Metric: 2.82
  • Document Revision: 225

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.