CVE-2004-0914

Summary

CVE	CVE-2004-0914
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-01-10 05:00:00 UTC
Updated	2025-04-03 01:03:51 UTC
Description	Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Risk And Classification

Primary CVSS: v2.0 10 from [email protected]

AV:N/AC:L/Au:N/C:C/I:C/A:C

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Gentoo	Linux	All	All	All	All
Application	Lesstif	Lesstif	0.93	All	All	All
Application	Lesstif	Lesstif	0.93.12	All	All	All
Application	Lesstif	Lesstif	0.93.18	All	All	All
Application	Lesstif	Lesstif	0.93.34	All	All	All
Application	Lesstif	Lesstif	0.93.36	All	All	All
Application	Lesstif	Lesstif	0.93.40	All	All	All
Application	Lesstif	Lesstif	0.93.91	All	All	All
Application	Lesstif	Lesstif	0.93.94	All	All	All
Application	Lesstif	Lesstif	0.93.96	All	All	All
Operating System	Redhat	Fedora Core	core_2.0	All	All	All
Operating System	Redhat	Fedora Core	core_3.0	All	All	All
Operating System	Suse	Suse Linux	1.0	All	desktop	All
Operating System	Suse	Suse Linux	8	All	enterprise_server	All
Operating System	Suse	Suse Linux	8.1	All	All	All
Operating System	Suse	Suse Linux	8.2	All	All	All
Operating System	Suse	Suse Linux	9.0	All	All	All
Operating System	Suse	Suse Linux	9.0	All	enterprise_server	All
Operating System	Suse	Suse Linux	9.1	All	All	All
Operating System	Suse	Suse Linux	9.2	All	All	All
Application	X.org	X11r6	6.7.0	All	All	All
Application	X.org	X11r6	6.8	All	All	All
Application	X.org	X11r6	6.8.1	All	All	All
Application	Xfree86 Project	X11r6	3.3	All	All	All
Application	Xfree86 Project	X11r6	3.3.2	All	All	All
Application	Xfree86 Project	X11r6	3.3.3	All	All	All
Application	Xfree86 Project	X11r6	3.3.4	All	All	All
Application	Xfree86 Project	X11r6	3.3.5	All	All	All
Application	Xfree86 Project	X11r6	3.3.6	All	All	All
Application	Xfree86 Project	X11r6	4.0	All	All	All
Application	Xfree86 Project	X11r6	4.0.1	All	All	All
Application	Xfree86 Project	X11r6	4.0.2.11	All	All	All
Application	Xfree86 Project	X11r6	4.0.3	All	All	All
Application	Xfree86 Project	X11r6	4.1.0	All	All	All
Application	Xfree86 Project	X11r6	4.1.11	All	All	All
Application	Xfree86 Project	X11r6	4.1.12	All	All	All
Application	Xfree86 Project	X11r6	4.2.0	All	All	All
Application	Xfree86 Project	X11r6	4.2.1	All	All	All
Application	Xfree86 Project	X11r6	4.2.1	All	errata	All
Application	Xfree86 Project	X11r6	4.3.0	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
www1.itrc.hp.com/service/cki/docDisplay.do	af854a3a-2127-422b-91ae-364da2661108	www1.itrc.hp.com
usn/usn-83-2 - Ubuntu Linux	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
usn/usn-83-1 - Ubuntu Linux	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
Fedora: xorg-x11-6.7.0-10 update.	af854a3a-2127-422b-91ae-364da2661108	www.linuxsecurity.com
Secunia - Advisories - X11 libXpm Multiple Image Processing Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-607-1 xfree86	af854a3a-2127-422b-91ae-364da2661108	www.debian.org	Patch, Vendor Advisory
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
LibXPM Multiple Unspecified Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Patch, Vendor Advisory
Gentoo Linux Documentation -- LessTif: Multiple vulnerabilities in libXpm	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
404 Not Found	af854a3a-2127-422b-91ae-364da2661108	www.x.org
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
[FLSA-2006:152803] Updated lesstif packages fix security issues	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Advisories - Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Gentoo Linux Documentation -- X.Org, XFree86: libXpm vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org	Patch, Vendor Advisory
Gentoo Linux Documentation -- OpenMotif: Multiple vulnerabilities in libXpm	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-03-14	Mark J Cox	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

There are currently no legacy QID mappings associated with this CVE.