MidnightBSD

Advisories for lesstif

CVE-2004-0914 HIGH

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
suse suse_linux 8.1
lesstif lesstif 0.93.91
suse suse_linux 9.2
x.org x11r6 6.8
xfree86_project x11r6 4.0
lesstif lesstif 0.93.12
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3
lesstif lesstif 0.93.96
xfree86_project x11r6 3.3.5
lesstif lesstif 0.93.40
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.1.12
lesstif lesstif 0.93.36
redhat fedora_core core_3.0
xfree86_project x11r6 4.3.0
suse suse_linux 8
suse suse_linux 9.1
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.0.3
gentoo linux *
lesstif lesstif 0.93.18
redhat fedora_core core_2.0
suse suse_linux 9.0
x.org x11r6 6.8.1
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 4.2.0
xfree86_project x11r6 3.3.2
lesstif lesstif 0.93.34
xfree86_project x11r6 3.3.3
suse suse_linux 1.0
suse suse_linux 8.2
lesstif lesstif 0.93
xfree86_project x11r6 4.2.1
xfree86_project x11r6 3.3.4
lesstif lesstif 0.93.94

CVE-2005-0605 HIGH

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 3.0
altlinux alt_linux 2.3
mandrakesoft mandrake_linux 10.2
xfree86_project x11r6 4.0
suse suse_linux 6.2
suse suse_linux 6.4
sgi propack 3.0
xfree86_project x11r6 3.3.5
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.1.12
redhat fedora_core core_3.0
mandrakesoft mandrake_linux_corporate_server 3.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.0.1
suse suse_linux 6.3
xfree86_project x11r6 4.3.0.2
suse suse_linux 9.0
x.org x11r6 6.8.1
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 3.3.2
suse suse_linux 8.2
suse suse_linux 7.2
xfree86_project x11r6 3.3.4
suse suse_linux 8.1
suse suse_linux 9.2
x.org x11r6 6.8
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3
suse suse_linux 8.0
xfree86_project x11r6 4.3.0.1
redhat enterprise_linux 4.0
xfree86_project x11r6 4.3.0
mandrakesoft mandrake_linux 10.1
suse suse_linux 9.1
x.org x11r6 6.7.0
xfree86_project x11r6 4.0.3
suse suse_linux 6.1
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.0
redhat fedora_core core_2.0
redhat enterprise_linux_desktop 4.0
suse suse_linux 7.0
xfree86_project x11r6 4.2.0
xfree86_project x11r6 3.3.3
redhat enterprise_linux 3.0
suse suse_linux 7.1
suse suse_linux 7.3
xfree86_project x11r6 4.2.1
lesstif lesstif 0.93.94