Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

xpm -- image decoding vulnerabilities

Information

Severity

Severity

High

Family

Family

FreeBSD Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

6 years ago

Share

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

Insight

The following packages are affected: agenda-snow-libs linux_base open-motif-devel mupad zh-cle_base libXpm XFree86-libraries xorg-libraries lesstif xpm linux-openmotif open-motif CVE-2004-0687 Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. CVE-2004-0688 Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Solution

Solution

Update your system with the appropriate patches or software upgrades. http://freedesktop.org/pipermail/xorg/2004-September/003172.html http://scary.beasts.org/security/CESA-2004-003.txt http://www.vuxml.org/freebsd/ef253f8b-0727-11d9-b45d-000c41e2cdad.html

Common Vulnerabilities and Exposures (CVE)