CVE-2004-0687

libXpm <6.8.1 - Remote Code Execution

Title source: manual
STIX 2.1

Description

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

References (24)

Core 24
Core References
Vendor Advisory vendor-advisory
https://usn.ubuntu.com/27-1/
US Government Resource third-party-advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Third Party Advisory, VDB Entry vendor-advisory
http://www.securityfocus.com/archive/1/434715/100/0/threaded
Patch, Vendor Advisory vdb-entry
http://www.securityfocus.com/bid/11196
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/17414
Third Party Advisory vdb-entry
http://www.vupen.com/english/advisories/2006/1914
Third Party Advisory vendor-advisory
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
US Government Resource third-party-advisory
http://www.kb.cert.org/vuls/id/882750
Third Party Advisory vendor-advisory
http://www.debian.org/security/2004/dsa-560
Third Party Advisory vendor-advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Third Party Advisory third-party-advisory
http://secunia.com/advisories/20235

Scores

EPSS 0.2210
EPSS Percentile 95.9%

Details

Status published
Products (20)
openbsd/openbsd 3.4
openbsd/openbsd 3.5
suse/suse_linux 8
suse/suse_linux 8.1
suse/suse_linux 8.2
suse/suse_linux 9.0 (3 CPE variants)
suse/suse_linux 9.1
x.org/x11r6 6.7.0
x.org/x11r6 6.8
xfree86_project/x11r6 3.3.6
... and 10 more
Published Oct 20, 2004
Tracked Since Feb 18, 2026