FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0914

This CVE name corresponds to:

Entered Topic
2005-06-01 linux_base -- vulnerabilities in Red Hat 7.1 libraries

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0914
Phase Assigned(20040927)

Description

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

References

Source Reference
CONFIRM http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
DEBIAN DSA-607
FEDORA FEDORA-2004-433
FEDORA FLSA-2006:152803
GENTOO GLSA-200411-28
GENTOO GLSA-200502-06
GENTOO GLSA-200502-07
HP HPSBTU01228
MANDRAKE MDKSA-2004:137
REDHAT RHSA-2004:537
REDHAT RHSA-2005:004
REDHAT RHSA-2004:610
UBUNTU USN-83-1
UBUNTU USN-83-2
BID 11694
OVAL oval:org.mitre.oval:def:9943
SECUNIA 13224
XF libxpm-image-bo(18142)
XF libxpm-improper-memory-access(18144)
XF libxpm-command-execution(18145)
XF libxpm-directory-traversal(18146)
XF libxpm-dos(18147)