Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| lesstif | lesstif | 0.93.91 |
| suse | suse_linux | 9.2 |
| x.org | x11r6 | 6.8 |
| xfree86_project | x11r6 | 4.0 |
| lesstif | lesstif | 0.93.12 |
| xfree86_project | x11r6 | 3.3.6 |
| xfree86_project | x11r6 | 3.3 |
| lesstif | lesstif | 0.93.96 |
| xfree86_project | x11r6 | 3.3.5 |
| lesstif | lesstif | 0.93.40 |
| xfree86_project | x11r6 | 4.1.11 |
| xfree86_project | x11r6 | 4.1.12 |
| lesstif | lesstif | 0.93.36 |
| redhat | fedora_core | core_3.0 |
| xfree86_project | x11r6 | 4.3.0 |
| suse | suse_linux | 8 |
| suse | suse_linux | 9.1 |
| x.org | x11r6 | 6.7.0 |
| xfree86_project | x11r6 | 4.1.0 |
| xfree86_project | x11r6 | 4.0.1 |
| xfree86_project | x11r6 | 4.0.3 |
| gentoo | linux | * |
| lesstif | lesstif | 0.93.18 |
| redhat | fedora_core | core_2.0 |
| suse | suse_linux | 9.0 |
| x.org | x11r6 | 6.8.1 |
| xfree86_project | x11r6 | 4.0.2.11 |
| xfree86_project | x11r6 | 4.2.0 |
| xfree86_project | x11r6 | 3.3.2 |
| lesstif | lesstif | 0.93.34 |
| xfree86_project | x11r6 | 3.3.3 |
| suse | suse_linux | 1.0 |
| suse | suse_linux | 8.2 |
| lesstif | lesstif | 0.93 |
| xfree86_project | x11r6 | 4.2.1 |
| xfree86_project | x11r6 | 3.3.4 |
| lesstif | lesstif | 0.93.94 |
scan.c in libXpm may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 3.0 |
| altlinux | alt_linux | 2.3 |
| mandrakesoft | mandrake_linux | 10.2 |
| xfree86_project | x11r6 | 4.0 |
| suse | suse_linux | 6.2 |
| suse | suse_linux | 6.4 |
| sgi | propack | 3.0 |
| xfree86_project | x11r6 | 3.3.5 |
| xfree86_project | x11r6 | 4.1.11 |
| xfree86_project | x11r6 | 4.1.12 |
| redhat | fedora_core | core_3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| xfree86_project | x11r6 | 4.1.0 |
| xfree86_project | x11r6 | 4.0.1 |
| suse | suse_linux | 6.3 |
| xfree86_project | x11r6 | 4.3.0.2 |
| suse | suse_linux | 9.0 |
| x.org | x11r6 | 6.8.1 |
| xfree86_project | x11r6 | 4.0.2.11 |
| xfree86_project | x11r6 | 3.3.2 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 7.2 |
| xfree86_project | x11r6 | 3.3.4 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.2 |
| x.org | x11r6 | 6.8 |
| xfree86_project | x11r6 | 3.3.6 |
| xfree86_project | x11r6 | 3.3 |
| suse | suse_linux | 8.0 |
| xfree86_project | x11r6 | 4.3.0.1 |
| redhat | enterprise_linux | 4.0 |
| xfree86_project | x11r6 | 4.3.0 |
| mandrakesoft | mandrake_linux | 10.1 |
| suse | suse_linux | 9.1 |
| x.org | x11r6 | 6.7.0 |
| xfree86_project | x11r6 | 4.0.3 |
| suse | suse_linux | 6.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| redhat | fedora_core | core_2.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| suse | suse_linux | 7.0 |
| xfree86_project | x11r6 | 4.2.0 |
| xfree86_project | x11r6 | 3.3.3 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux | 7.1 |
| suse | suse_linux | 7.3 |
| xfree86_project | x11r6 | 4.2.1 |
| lesstif | lesstif | 0.93.94 |