All the vulnerabilites related to xfree86_project - x11r6
cve-2001-0955
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:37
Severity ?
Summary
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:37:07.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3663"
          },
          {
            "name": "3657",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3657"
          },
          {
            "name": "20011207 Crashing X",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2"
          },
          {
            "name": "20011208 Re: Crashing X",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xfree86.org/security/"
          },
          {
            "name": "xfree86-xterm-title-bo(7683)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c"
          },
          {
            "name": "xfree86-konqueror-bo(7673)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673"
          },
          {
            "name": "20010922 XFree86 DOS / Buffer overflow local and remote.",
            "tags": [
              "mailing-list",
              "x_refsource_VULN-DEV",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3663"
        },
        {
          "name": "3657",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3657"
        },
        {
          "name": "20011207 Crashing X",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2"
        },
        {
          "name": "20011208 Re: Crashing X",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xfree86.org/security/"
        },
        {
          "name": "xfree86-xterm-title-bo(7683)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c"
        },
        {
          "name": "xfree86-konqueror-bo(7673)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673"
        },
        {
          "name": "20010922 XFree86 DOS / Buffer overflow local and remote.",
          "tags": [
            "mailing-list",
            "x_refsource_VULN-DEV"
          ],
          "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3663"
            },
            {
              "name": "3657",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3657"
            },
            {
              "name": "20011207 Crashing X",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2"
            },
            {
              "name": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2",
              "refsource": "CONFIRM",
              "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2"
            },
            {
              "name": "20011208 Re: Crashing X",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2"
            },
            {
              "name": "http://www.xfree86.org/security/",
              "refsource": "CONFIRM",
              "url": "http://www.xfree86.org/security/"
            },
            {
              "name": "xfree86-xterm-title-bo(7683)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683"
            },
            {
              "name": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c",
              "refsource": "MISC",
              "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c"
            },
            {
              "name": "xfree86-konqueror-bo(7673)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673"
            },
            {
              "name": "20010922 XFree86 DOS / Buffer overflow local and remote.",
              "refsource": "VULN-DEV",
              "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0955",
    "datePublished": "2002-02-02T05:00:00",
    "dateReserved": "2002-01-31T00:00:00",
    "dateUpdated": "2024-08-08T04:37:07.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0285
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:14
Severity ?
Summary
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
References
http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.htmlmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/1306vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:14:21.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000416 XFree86 server overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html"
          },
          {
            "name": "1306",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000416 XFree86 server overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html"
        },
        {
          "name": "1306",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000416 XFree86 server overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html"
            },
            {
              "name": "1306",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0285",
    "datePublished": "2000-10-13T04:00:00",
    "dateReserved": "2000-04-26T00:00:00",
    "dateUpdated": "2024-08-08T05:14:21.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1472
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
References
http://www.redhat.com/support/errata/RHSA-2003-067.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-066.htmlvendor-advisory, x_refsource_REDHAT
http://www.iss.net/security_center/static/10137.phpvdb-entry, x_refsource_XF
http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/5735vdb-entry, x_refsource_BID
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529vendor-advisory, x_refsource_CONECTIVA
http://www.osvdb.org/11922vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:28.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:067",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
          },
          {
            "name": "RHSA-2003:066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
          },
          {
            "name": "xfree86-x11-program-execution(10137)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10137.php"
          },
          {
            "name": "SuSE-SA:2002:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html"
          },
          {
            "name": "5735",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5735"
          },
          {
            "name": "CLA-2002:529",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529"
          },
          {
            "name": "11922",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-09-20T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:067",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
        },
        {
          "name": "RHSA-2003:066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
        },
        {
          "name": "xfree86-x11-program-execution(10137)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10137.php"
        },
        {
          "name": "SuSE-SA:2002:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html"
        },
        {
          "name": "5735",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5735"
        },
        {
          "name": "CLA-2002:529",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529"
        },
        {
          "name": "11922",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1472",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:067",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
            },
            {
              "name": "RHSA-2003:066",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
            },
            {
              "name": "xfree86-x11-program-execution(10137)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10137.php"
            },
            {
              "name": "SuSE-SA:2002:032",
              "refsource": "SUSE",
              "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html"
            },
            {
              "name": "5735",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5735"
            },
            {
              "name": "CLA-2002:529",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529"
            },
            {
              "name": "11922",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1472",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-05T00:00:00",
    "dateUpdated": "2024-08-08T03:26:28.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1351
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 12:50
Severity ?
Summary
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
http://www.redhat.com/support/errata/RHSA-2007-0150.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/24745third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24921third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/33937third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2007/0013/vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/24771third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200705-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/24889third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24770third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25006third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24756third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954x_refsource_CONFIRM
http://secunia.com/advisories/25495third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24996third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/23283vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2007-0126.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/23300vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT3438x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200705-10.xmlvendor-advisory, x_refsource_GENTOO
http://www.ubuntu.com/usn/usn-448-1vendor-advisory, x_refsource_UBUNTU
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080vendor-advisory, x_refsource_MANDRIVA
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733vendor-advisory, x_refsource_SLACKWARE
http://www.novell.com/linux/security/advisories/2007_6_sr.htmlvendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2008/dsa-1454vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/24758third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1264vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1017857vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/24885third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htmx_refsource_CONFIRM
http://secunia.com/advisories/25096third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25195third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2007-0125.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/24741third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/24776third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28333third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24768third-party-advisory, x_refsource_SECUNIA
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/24791third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_27_x.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/30161third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xmlvendor-advisory, x_refsource_GENTOO
http://sourceforge.net/project/shownotes.php?release_id=498954x_refsource_CONFIRM
http://www.debian.org/security/2007/dsa-1294vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/24765third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25216third-party-advisory, x_refsource_SECUNIA
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501third-party-advisory, x_refsource_IDEFENSE
http://www.securityfocus.com/archive/1/464686/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/464816/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/1548vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417vdb-entry, x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2007/1217vdb-entry, x_refsource_VUPEN
http://www.openbsd.org/errata40.html#011_xorgvendor-advisory, x_refsource_OPENBSD
https://issues.rpath.com/browse/RPL-1213x_refsource_CONFIRM
http://www.securityfocus.com/bid/23402vdb-entry, x_refsource_BID
http://secunia.com/advisories/25004third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25305third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2007-0132.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/24772third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htmx_refsource_CONFIRM
http://www.openbsd.org/errata39.html#021_xorgvendor-advisory, x_refsource_OPENBSD
http://issues.foresightlinux.org/browse/FL-223x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0150",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"
          },
          {
            "name": "24745",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24745"
          },
          {
            "name": "24921",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24921"
          },
          {
            "name": "oval:org.mitre.oval:def:1810",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"
          },
          {
            "name": "33937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "name": "2007-0013",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0013/"
          },
          {
            "name": "24771",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24771"
          },
          {
            "name": "GLSA-200705-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"
          },
          {
            "name": "24889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24889"
          },
          {
            "name": "24770",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24770"
          },
          {
            "name": "25006",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25006"
          },
          {
            "name": "24756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954"
          },
          {
            "name": "25495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25495"
          },
          {
            "name": "24996",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24996"
          },
          {
            "name": "23283",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23283"
          },
          {
            "name": "RHSA-2007:0126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
          },
          {
            "name": "23300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23300"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "GLSA-200705-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"
          },
          {
            "name": "USN-448-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-448-1"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "MDKSA-2007:080",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"
          },
          {
            "name": "SSA:2007-109-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733"
          },
          {
            "name": "SUSE-SR:2007:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
          },
          {
            "name": "MDKSA-2007:081",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"
          },
          {
            "name": "DSA-1454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1454"
          },
          {
            "name": "24758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24758"
          },
          {
            "name": "ADV-2007-1264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1264"
          },
          {
            "name": "1017857",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017857"
          },
          {
            "name": "24885",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"
          },
          {
            "name": "25096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25096"
          },
          {
            "name": "25195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25195"
          },
          {
            "name": "RHSA-2007:0125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
          },
          {
            "name": "24741",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24741"
          },
          {
            "name": "APPLE-SA-2007-11-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
          },
          {
            "name": "24776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24776"
          },
          {
            "name": "28333",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28333"
          },
          {
            "name": "24768",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24768"
          },
          {
            "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
          },
          {
            "name": "24791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24791"
          },
          {
            "name": "SUSE-SA:2007:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
          },
          {
            "name": "30161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "name": "GLSA-200805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"
          },
          {
            "name": "DSA-1294",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1294"
          },
          {
            "name": "24765",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24765"
          },
          {
            "name": "25216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25216"
          },
          {
            "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"
          },
          {
            "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
          },
          {
            "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
          },
          {
            "name": "ADV-2007-1548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1548"
          },
          {
            "name": "xorg-bdf-font-bo(33417)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"
          },
          {
            "name": "102886",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"
          },
          {
            "name": "ADV-2007-1217",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1217"
          },
          {
            "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata40.html#011_xorg"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1213"
          },
          {
            "name": "23402",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23402"
          },
          {
            "name": "25004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25004"
          },
          {
            "name": "25305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25305"
          },
          {
            "name": "oval:org.mitre.oval:def:11266",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"
          },
          {
            "name": "RHSA-2007:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"
          },
          {
            "name": "24772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24772"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"
          },
          {
            "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata39.html#021_xorg"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://issues.foresightlinux.org/browse/FL-223"
          },
          {
            "name": "MDKSA-2007:079",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2007:0150",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"
        },
        {
          "name": "24745",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24745"
        },
        {
          "name": "24921",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24921"
        },
        {
          "name": "oval:org.mitre.oval:def:1810",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"
        },
        {
          "name": "33937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33937"
        },
        {
          "name": "2007-0013",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0013/"
        },
        {
          "name": "24771",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24771"
        },
        {
          "name": "GLSA-200705-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"
        },
        {
          "name": "24889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24889"
        },
        {
          "name": "24770",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24770"
        },
        {
          "name": "25006",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25006"
        },
        {
          "name": "24756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954"
        },
        {
          "name": "25495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25495"
        },
        {
          "name": "24996",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24996"
        },
        {
          "name": "23283",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23283"
        },
        {
          "name": "RHSA-2007:0126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
        },
        {
          "name": "23300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23300"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3438"
        },
        {
          "name": "GLSA-200705-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"
        },
        {
          "name": "USN-448-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-448-1"
        },
        {
          "name": "APPLE-SA-2009-02-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
        },
        {
          "name": "MDKSA-2007:080",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"
        },
        {
          "name": "SSA:2007-109-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733"
        },
        {
          "name": "SUSE-SR:2007:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
        },
        {
          "name": "MDKSA-2007:081",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"
        },
        {
          "name": "DSA-1454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1454"
        },
        {
          "name": "24758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24758"
        },
        {
          "name": "ADV-2007-1264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1264"
        },
        {
          "name": "1017857",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017857"
        },
        {
          "name": "24885",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"
        },
        {
          "name": "25096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25096"
        },
        {
          "name": "25195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25195"
        },
        {
          "name": "RHSA-2007:0125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
        },
        {
          "name": "24741",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24741"
        },
        {
          "name": "APPLE-SA-2007-11-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
        },
        {
          "name": "24776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24776"
        },
        {
          "name": "28333",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28333"
        },
        {
          "name": "24768",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24768"
        },
        {
          "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
        },
        {
          "name": "24791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24791"
        },
        {
          "name": "SUSE-SA:2007:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
        },
        {
          "name": "30161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30161"
        },
        {
          "name": "GLSA-200805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"
        },
        {
          "name": "DSA-1294",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1294"
        },
        {
          "name": "24765",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24765"
        },
        {
          "name": "25216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25216"
        },
        {
          "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"
        },
        {
          "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
        },
        {
          "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
        },
        {
          "name": "ADV-2007-1548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1548"
        },
        {
          "name": "xorg-bdf-font-bo(33417)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"
        },
        {
          "name": "102886",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"
        },
        {
          "name": "ADV-2007-1217",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1217"
        },
        {
          "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata40.html#011_xorg"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1213"
        },
        {
          "name": "23402",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23402"
        },
        {
          "name": "25004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25004"
        },
        {
          "name": "25305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25305"
        },
        {
          "name": "oval:org.mitre.oval:def:11266",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"
        },
        {
          "name": "RHSA-2007:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"
        },
        {
          "name": "24772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24772"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"
        },
        {
          "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata39.html#021_xorg"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://issues.foresightlinux.org/browse/FL-223"
        },
        {
          "name": "MDKSA-2007:079",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-1351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0150",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"
            },
            {
              "name": "24745",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24745"
            },
            {
              "name": "24921",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24921"
            },
            {
              "name": "oval:org.mitre.oval:def:1810",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "2007-0013",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0013/"
            },
            {
              "name": "24771",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24771"
            },
            {
              "name": "GLSA-200705-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"
            },
            {
              "name": "24889",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24889"
            },
            {
              "name": "24770",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24770"
            },
            {
              "name": "25006",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25006"
            },
            {
              "name": "24756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24756"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954"
            },
            {
              "name": "25495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25495"
            },
            {
              "name": "24996",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24996"
            },
            {
              "name": "23283",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23283"
            },
            {
              "name": "RHSA-2007:0126",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
            },
            {
              "name": "23300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23300"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "GLSA-200705-10",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"
            },
            {
              "name": "USN-448-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-448-1"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "MDKSA-2007:080",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"
            },
            {
              "name": "SSA:2007-109-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733"
            },
            {
              "name": "SUSE-SR:2007:006",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
            },
            {
              "name": "MDKSA-2007:081",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"
            },
            {
              "name": "DSA-1454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1454"
            },
            {
              "name": "24758",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24758"
            },
            {
              "name": "ADV-2007-1264",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1264"
            },
            {
              "name": "1017857",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017857"
            },
            {
              "name": "24885",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24885"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"
            },
            {
              "name": "25096",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25096"
            },
            {
              "name": "25195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25195"
            },
            {
              "name": "RHSA-2007:0125",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
            },
            {
              "name": "24741",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24741"
            },
            {
              "name": "APPLE-SA-2007-11-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
            },
            {
              "name": "24776",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24776"
            },
            {
              "name": "28333",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28333"
            },
            {
              "name": "24768",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24768"
            },
            {
              "name": "[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont",
              "refsource": "MLIST",
              "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
            },
            {
              "name": "24791",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24791"
            },
            {
              "name": "SUSE-SA:2007:027",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
            },
            {
              "name": "30161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "GLSA-200805-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=498954",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"
            },
            {
              "name": "DSA-1294",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1294"
            },
            {
              "name": "24765",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24765"
            },
            {
              "name": "25216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25216"
            },
            {
              "name": "20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"
            },
            {
              "name": "20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
            },
            {
              "name": "20070405 FLEA-2007-0009-1: xorg-x11 freetype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
            },
            {
              "name": "ADV-2007-1548",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1548"
            },
            {
              "name": "xorg-bdf-font-bo(33417)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"
            },
            {
              "name": "102886",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"
            },
            {
              "name": "ADV-2007-1217",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1217"
            },
            {
              "name": "[4.0] 011: SECURITY FIX: April 4, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata40.html#011_xorg"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1213",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1213"
            },
            {
              "name": "23402",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23402"
            },
            {
              "name": "25004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25004"
            },
            {
              "name": "25305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25305"
            },
            {
              "name": "oval:org.mitre.oval:def:11266",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"
            },
            {
              "name": "RHSA-2007:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"
            },
            {
              "name": "24772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24772"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"
            },
            {
              "name": "[3.9] 021: SECURITY FIX: April 4, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata39.html#021_xorg"
            },
            {
              "name": "http://issues.foresightlinux.org/browse/FL-223",
              "refsource": "CONFIRM",
              "url": "http://issues.foresightlinux.org/browse/FL-223"
            },
            {
              "name": "MDKSA-2007:079",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-1351",
    "datePublished": "2007-04-06T01:00:00",
    "dateReserved": "2007-03-08T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0083
Vulnerability from cvelistv5
Published
2004-02-14 05:00
Modified
2024-08-08 00:01
Severity ?
Summary
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
References
http://www.novell.com/linux/security/advisories/2004_06_xf86.htmlvendor-advisory, x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2004-060.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/15130vdb-entry, x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1vendor-advisory, x_refsource_SUNALERT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821vendor-advisory, x_refsource_CONECTIVA
http://www.idefense.com/application/poi/display?id=72x_refsource_MISC
http://www.securityfocus.com/bid/9636vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200402-02.xmlvendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=107644835523678&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=110979666528890&w=2vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-443vendor-advisory, x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012vendor-advisory, x_refsource_MANDRAKE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2004-059.htmlvendor-advisory, x_refsource_REDHAT
http://www.xfree86.org/cvs/changesx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/820006third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=107653324115914&w=2mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2004-061.htmlvendor-advisory, x_refsource_REDHAT
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053vendor-advisory, x_refsource_SLACKWARE
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SuSE-SA:2004:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
          },
          {
            "name": "RHSA-2004:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
          },
          {
            "name": "xfree86-fontalias-bo(15130)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130"
          },
          {
            "name": "57768",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
          },
          {
            "name": "CLA-2004:821",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=72"
          },
          {
            "name": "9636",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9636"
          },
          {
            "name": "GLSA-200402-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml"
          },
          {
            "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2"
          },
          {
            "name": "FLSA:2314",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
          },
          {
            "name": "DSA-443",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-443"
          },
          {
            "name": "oval:org.mitre.oval:def:806",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806"
          },
          {
            "name": "MDKSA-2004:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
          },
          {
            "name": "oval:org.mitre.oval:def:830",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830"
          },
          {
            "name": "RHSA-2004:059",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xfree86.org/cvs/changes"
          },
          {
            "name": "VU#820006",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/820006"
          },
          {
            "name": "20040211 XFree86 vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:9612",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612"
          },
          {
            "name": "RHSA-2004:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
          },
          {
            "name": "SSA:2004-043",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SuSE-SA:2004:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
        },
        {
          "name": "RHSA-2004:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
        },
        {
          "name": "xfree86-fontalias-bo(15130)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130"
        },
        {
          "name": "57768",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
        },
        {
          "name": "CLA-2004:821",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=72"
        },
        {
          "name": "9636",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9636"
        },
        {
          "name": "GLSA-200402-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml"
        },
        {
          "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2"
        },
        {
          "name": "FLSA:2314",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
        },
        {
          "name": "DSA-443",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-443"
        },
        {
          "name": "oval:org.mitre.oval:def:806",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806"
        },
        {
          "name": "MDKSA-2004:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
        },
        {
          "name": "oval:org.mitre.oval:def:830",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830"
        },
        {
          "name": "RHSA-2004:059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xfree86.org/cvs/changes"
        },
        {
          "name": "VU#820006",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/820006"
        },
        {
          "name": "20040211 XFree86 vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:9612",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612"
        },
        {
          "name": "RHSA-2004:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
        },
        {
          "name": "SSA:2004-043",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SuSE-SA:2004:006",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
            },
            {
              "name": "RHSA-2004:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
            },
            {
              "name": "xfree86-fontalias-bo(15130)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130"
            },
            {
              "name": "57768",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
            },
            {
              "name": "CLA-2004:821",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
            },
            {
              "name": "http://www.idefense.com/application/poi/display?id=72",
              "refsource": "MISC",
              "url": "http://www.idefense.com/application/poi/display?id=72"
            },
            {
              "name": "9636",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9636"
            },
            {
              "name": "GLSA-200402-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml"
            },
            {
              "name": "20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2"
            },
            {
              "name": "FLSA:2314",
              "refsource": "FEDORA",
              "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
            },
            {
              "name": "DSA-443",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-443"
            },
            {
              "name": "oval:org.mitre.oval:def:806",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806"
            },
            {
              "name": "MDKSA-2004:012",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
            },
            {
              "name": "oval:org.mitre.oval:def:830",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830"
            },
            {
              "name": "RHSA-2004:059",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
            },
            {
              "name": "http://www.xfree86.org/cvs/changes",
              "refsource": "CONFIRM",
              "url": "http://www.xfree86.org/cvs/changes"
            },
            {
              "name": "VU#820006",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/820006"
            },
            {
              "name": "20040211 XFree86 vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:9612",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612"
            },
            {
              "name": "RHSA-2004:061",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
            },
            {
              "name": "SSA:2004-043",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0083",
    "datePublished": "2004-02-14T05:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-0605
Vulnerability from cvelistv5
Published
2005-03-04 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
http://www.redhat.com/support/errata/RHSA-2005-331.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2005-412.htmlvendor-advisory, x_refsource_REDHAT
http://securitytracker.com/id?1013339vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/18049third-party-advisory, x_refsource_SECUNIA
ftp://patches.sgi.com/support/free/security/advisories/20060403-01-Uvendor-advisory, x_refsource_SGI
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txtvendor-advisory, x_refsource_SCO
http://bugs.gentoo.org/show_bug.cgi?id=83598x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200503-15.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2005/dsa-723vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/19624third-party-advisory, x_refsource_SECUNIA
https://bugs.freedesktop.org/attachment.cgi?id=1909x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/18316third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/14460third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-198.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlvendor-advisory, x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2005-044.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200503-08.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/12714vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2008-0261.htmlvendor-advisory, x_refsource_REDHAT
http://bugs.gentoo.org/show_bug.cgi?id=83655x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-473.htmlvendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlvendor-advisory, x_refsource_APPLE
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txtvendor-advisory, x_refsource_SCO
https://usn.ubuntu.com/97-1/vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411vdb-entry, signature, x_refsource_OVAL
https://usn.ubuntu.com/92-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:21:06.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:331",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html"
          },
          {
            "name": "RHSA-2005:412",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html"
          },
          {
            "name": "1013339",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013339"
          },
          {
            "name": "18049",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18049"
          },
          {
            "name": "20060403-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U"
          },
          {
            "name": "SCOSA-2006.5",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598"
          },
          {
            "name": "GLSA-200503-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml"
          },
          {
            "name": "DSA-723",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-723"
          },
          {
            "name": "19624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19624"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909"
          },
          {
            "name": "APPLE-SA-2005-08-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
          },
          {
            "name": "18316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18316"
          },
          {
            "name": "14460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14460"
          },
          {
            "name": "RHSA-2005:198",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html"
          },
          {
            "name": "FLSA-2006:152803",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
          },
          {
            "name": "RHSA-2005:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html"
          },
          {
            "name": "GLSA-200503-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml"
          },
          {
            "name": "12714",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12714"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655"
          },
          {
            "name": "RHSA-2005:473",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html"
          },
          {
            "name": "APPLE-SA-2005-08-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
          },
          {
            "name": "SCOSA-2005.57",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt"
          },
          {
            "name": "USN-97-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/97-1/"
          },
          {
            "name": "oval:org.mitre.oval:def:10411",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411"
          },
          {
            "name": "USN-92-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/92-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2005:331",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html"
        },
        {
          "name": "RHSA-2005:412",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html"
        },
        {
          "name": "1013339",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013339"
        },
        {
          "name": "18049",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18049"
        },
        {
          "name": "20060403-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U"
        },
        {
          "name": "SCOSA-2006.5",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598"
        },
        {
          "name": "GLSA-200503-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml"
        },
        {
          "name": "DSA-723",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-723"
        },
        {
          "name": "19624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19624"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909"
        },
        {
          "name": "APPLE-SA-2005-08-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
        },
        {
          "name": "18316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18316"
        },
        {
          "name": "14460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14460"
        },
        {
          "name": "RHSA-2005:198",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html"
        },
        {
          "name": "FLSA-2006:152803",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
        },
        {
          "name": "RHSA-2005:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html"
        },
        {
          "name": "GLSA-200503-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml"
        },
        {
          "name": "12714",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12714"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655"
        },
        {
          "name": "RHSA-2005:473",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html"
        },
        {
          "name": "APPLE-SA-2005-08-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
        },
        {
          "name": "SCOSA-2005.57",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt"
        },
        {
          "name": "USN-97-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/97-1/"
        },
        {
          "name": "oval:org.mitre.oval:def:10411",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411"
        },
        {
          "name": "USN-92-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/92-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0605",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2005:331",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html"
            },
            {
              "name": "RHSA-2005:412",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html"
            },
            {
              "name": "1013339",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013339"
            },
            {
              "name": "18049",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18049"
            },
            {
              "name": "20060403-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U"
            },
            {
              "name": "SCOSA-2006.5",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=83598",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598"
            },
            {
              "name": "GLSA-200503-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml"
            },
            {
              "name": "DSA-723",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-723"
            },
            {
              "name": "19624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19624"
            },
            {
              "name": "https://bugs.freedesktop.org/attachment.cgi?id=1909",
              "refsource": "CONFIRM",
              "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "18316",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18316"
            },
            {
              "name": "14460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14460"
            },
            {
              "name": "RHSA-2005:198",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html"
            },
            {
              "name": "FLSA-2006:152803",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
            },
            {
              "name": "RHSA-2005:044",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html"
            },
            {
              "name": "GLSA-200503-08",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml"
            },
            {
              "name": "12714",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12714"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=83655",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655"
            },
            {
              "name": "RHSA-2005:473",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "SCOSA-2005.57",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt"
            },
            {
              "name": "USN-97-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/97-1/"
            },
            {
              "name": "oval:org.mitre.oval:def:10411",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411"
            },
            {
              "name": "USN-92-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/92-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0605",
    "datePublished": "2005-03-04T05:00:00",
    "dateReserved": "2005-03-01T00:00:00",
    "dateUpdated": "2024-08-07T21:21:06.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0453
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
References
http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.htmlmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/1235vdb-entry, x_refsource_BID
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txtvendor-advisory, x_refsource_CALDERA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:29.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000518 Nasty XFree Xserver DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html"
          },
          {
            "name": "1235",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1235"
          },
          {
            "name": "CSSA-2000-012.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000518 Nasty XFree Xserver DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html"
        },
        {
          "name": "1235",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1235"
        },
        {
          "name": "CSSA-2000-012.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000518 Nasty XFree Xserver DoS",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html"
            },
            {
              "name": "1235",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1235"
            },
            {
              "name": "CSSA-2000-012.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0453",
    "datePublished": "2000-07-12T04:00:00",
    "dateReserved": "2000-06-14T00:00:00",
    "dateUpdated": "2024-08-08T05:21:29.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0688
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
http://www.kb.cert.org/vuls/id/537878third-party-advisory, x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-004.htmlvendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/27-1/vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2006/1914vdb-entry, x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xmlvendor-advisory, x_refsource_GENTOO
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlthird-party-advisory, x_refsource_CERT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098vendor-advisory, x_refsource_MANDRAKE
http://www.securityfocus.com/archive/1/434715/100/0/threadedvendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2004-537.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=109530851323415&w=2mailing-list, x_refsource_BUGTRAQ
http://www.debian.org/security/2004/dsa-560vendor-advisory, x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796vdb-entry, signature, x_refsource_OVAL
http://scary.beasts.org/security/CESA-2004-003.txtx_refsource_MISC
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924vendor-advisory, x_refsource_CONECTIVA
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htmlvendor-advisory, x_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/17416vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/11196vdb-entry, x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlvendor-advisory, x_refsource_GENTOO
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patchx_refsource_CONFIRM
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/20235third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/434715/100/0/threadedvendor-advisory, x_refsource_HP
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1vendor-advisory, x_refsource_SUNALERT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:27.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#537878",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/537878"
          },
          {
            "name": "RHSA-2005:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
          },
          {
            "name": "USN-27-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/27-1/"
          },
          {
            "name": "ADV-2006-1914",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1914"
          },
          {
            "name": "GLSA-200409-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
          },
          {
            "name": "TA05-136A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
          },
          {
            "name": "MDKSA-2004:098",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
          },
          {
            "name": "HPSBUX02119",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
          },
          {
            "name": "RHSA-2004:537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
          },
          {
            "name": "20040915 CESA-2004-004: libXpm",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
          },
          {
            "name": "DSA-560",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-560"
          },
          {
            "name": "oval:org.mitre.oval:def:11796",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
          },
          {
            "name": "APPLE-SA-2005-05-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
          },
          {
            "name": "CLA-2005:924",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
          },
          {
            "name": "SUSE-SA:2004:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
          },
          {
            "name": "libxpm-xpmfile-integer-overflow(17416)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416"
          },
          {
            "name": "11196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11196"
          },
          {
            "name": "GLSA-200502-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
          },
          {
            "name": "FLSA-2006:152803",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
          },
          {
            "name": "20235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20235"
          },
          {
            "name": "SSRT4848",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
          },
          {
            "name": "57653",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#537878",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/537878"
        },
        {
          "name": "RHSA-2005:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
        },
        {
          "name": "USN-27-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/27-1/"
        },
        {
          "name": "ADV-2006-1914",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1914"
        },
        {
          "name": "GLSA-200409-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
        },
        {
          "name": "TA05-136A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
        },
        {
          "name": "MDKSA-2004:098",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
        },
        {
          "name": "HPSBUX02119",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
        },
        {
          "name": "RHSA-2004:537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
        },
        {
          "name": "20040915 CESA-2004-004: libXpm",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
        },
        {
          "name": "DSA-560",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-560"
        },
        {
          "name": "oval:org.mitre.oval:def:11796",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
        },
        {
          "name": "APPLE-SA-2005-05-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
        },
        {
          "name": "CLA-2005:924",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
        },
        {
          "name": "SUSE-SA:2004:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
        },
        {
          "name": "libxpm-xpmfile-integer-overflow(17416)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416"
        },
        {
          "name": "11196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11196"
        },
        {
          "name": "GLSA-200502-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
        },
        {
          "name": "FLSA-2006:152803",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
        },
        {
          "name": "20235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20235"
        },
        {
          "name": "SSRT4848",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
        },
        {
          "name": "57653",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#537878",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/537878"
            },
            {
              "name": "RHSA-2005:004",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
            },
            {
              "name": "USN-27-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/27-1/"
            },
            {
              "name": "ADV-2006-1914",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1914"
            },
            {
              "name": "GLSA-200409-34",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
            },
            {
              "name": "TA05-136A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
            },
            {
              "name": "MDKSA-2004:098",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
            },
            {
              "name": "HPSBUX02119",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
            },
            {
              "name": "RHSA-2004:537",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
            },
            {
              "name": "20040915 CESA-2004-004: libXpm",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
            },
            {
              "name": "DSA-560",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-560"
            },
            {
              "name": "oval:org.mitre.oval:def:11796",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796"
            },
            {
              "name": "http://scary.beasts.org/security/CESA-2004-003.txt",
              "refsource": "MISC",
              "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
            },
            {
              "name": "APPLE-SA-2005-05-03",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
            },
            {
              "name": "CLA-2005:924",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
            },
            {
              "name": "SUSE-SA:2004:034",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
            },
            {
              "name": "libxpm-xpmfile-integer-overflow(17416)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416"
            },
            {
              "name": "11196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11196"
            },
            {
              "name": "GLSA-200502-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
            },
            {
              "name": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch",
              "refsource": "CONFIRM",
              "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
            },
            {
              "name": "FLSA-2006:152803",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
            },
            {
              "name": "20235",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20235"
            },
            {
              "name": "SSRT4848",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
            },
            {
              "name": "57653",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0688",
    "datePublished": "2004-09-24T04:00:00",
    "dateReserved": "2004-07-13T00:00:00",
    "dateUpdated": "2024-08-08T00:24:27.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1178
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
Summary
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:08.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20010711 suid xman 3.1.6 overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html"
          },
          {
            "name": "3030",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3030"
          },
          {
            "name": "xfree86-xman-manpath-bo(6853)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20010711 suid xman 3.1.6 overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html"
        },
        {
          "name": "3030",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3030"
        },
        {
          "name": "xfree86-xman-manpath-bo(6853)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20010711 suid xman 3.1.6 overflows",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html"
            },
            {
              "name": "3030",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3030"
            },
            {
              "name": "xfree86-xman-manpath-bo(6853)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1178",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:08.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1510
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
Summary
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:28.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2002:533",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533"
          },
          {
            "name": "RHSA-2003:064",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
          },
          {
            "name": "RHSA-2003:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
          },
          {
            "name": "55602",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG"
          },
          {
            "name": "xfree86-xdm-unauth-access(11389)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11389.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2002:533",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533"
        },
        {
          "name": "RHSA-2003:064",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
        },
        {
          "name": "RHSA-2003:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
        },
        {
          "name": "55602",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG"
        },
        {
          "name": "xfree86-xdm-unauth-access(11389)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11389.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2002:533",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533"
            },
            {
              "name": "RHSA-2003:064",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
            },
            {
              "name": "RHSA-2003:065",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
            },
            {
              "name": "55602",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602"
            },
            {
              "name": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG",
              "refsource": "MISC",
              "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG"
            },
            {
              "name": "xfree86-xdm-unauth-access(11389)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11389.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1510",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-19T00:00:00",
    "dateUpdated": "2024-08-08T03:26:28.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0106
Vulnerability from cvelistv5
Published
2004-02-16 05:00
Modified
2024-08-08 00:10
Severity ?
Summary
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:02.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SuSE-SA:2004:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11111",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111"
          },
          {
            "name": "RHSA-2004:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
          },
          {
            "name": "CLA-2004:821",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
          },
          {
            "name": "oval:org.mitre.oval:def:809",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809"
          },
          {
            "name": "xfree86-multiple-font-improper-handling(15206)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206"
          },
          {
            "name": "FLSA:2314",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
          },
          {
            "name": "DSA-443",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-443"
          },
          {
            "name": "MDKSA-2004:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
          },
          {
            "name": "oval:org.mitre.oval:def:832",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832"
          },
          {
            "name": "RHSA-2004:059",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
          },
          {
            "name": "RHSA-2004:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
          },
          {
            "name": "SSA:2004-043",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SuSE-SA:2004:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11111",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111"
        },
        {
          "name": "RHSA-2004:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
        },
        {
          "name": "CLA-2004:821",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
        },
        {
          "name": "oval:org.mitre.oval:def:809",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809"
        },
        {
          "name": "xfree86-multiple-font-improper-handling(15206)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206"
        },
        {
          "name": "FLSA:2314",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
        },
        {
          "name": "DSA-443",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-443"
        },
        {
          "name": "MDKSA-2004:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
        },
        {
          "name": "oval:org.mitre.oval:def:832",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832"
        },
        {
          "name": "RHSA-2004:059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
        },
        {
          "name": "RHSA-2004:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
        },
        {
          "name": "SSA:2004-043",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0106",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SuSE-SA:2004:006",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11111",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111"
            },
            {
              "name": "RHSA-2004:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
            },
            {
              "name": "CLA-2004:821",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
            },
            {
              "name": "oval:org.mitre.oval:def:809",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809"
            },
            {
              "name": "xfree86-multiple-font-improper-handling(15206)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206"
            },
            {
              "name": "FLSA:2314",
              "refsource": "FEDORA",
              "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
            },
            {
              "name": "DSA-443",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-443"
            },
            {
              "name": "MDKSA-2004:012",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
            },
            {
              "name": "oval:org.mitre.oval:def:832",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832"
            },
            {
              "name": "RHSA-2004:059",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
            },
            {
              "name": "RHSA-2004:061",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
            },
            {
              "name": "SSA:2004-043",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0106",
    "datePublished": "2004-02-16T05:00:00",
    "dateReserved": "2004-02-02T00:00:00",
    "dateUpdated": "2024-08-08T00:10:02.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1179
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
Summary
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
References
http://www.securityfocus.com/archive/1/197498mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:08.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20010717 xman (suid) exploit, made easier.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/197498"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-03-22T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20010717 xman (suid) exploit, made easier.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/197498"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1179",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20010717 xman (suid) exploit, made easier.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/197498"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1179",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:08.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0620
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/4996vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=96146116627474&w=2mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/1409vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:31.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "libx11-infinite-loop-dos(4996)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996"
          },
          {
            "name": "20000619 XFree86: Various nasty libX11 holes",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2"
          },
          {
            "name": "1409",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1409"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "libx11-infinite-loop-dos(4996)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996"
        },
        {
          "name": "20000619 XFree86: Various nasty libX11 holes",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2"
        },
        {
          "name": "1409",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1409"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "libx11-infinite-loop-dos(4996)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996"
            },
            {
              "name": "20000619 XFree86: Various nasty libX11 holes",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2"
            },
            {
              "name": "1409",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1409"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0620",
    "datePublished": "2001-09-18T04:00:00",
    "dateReserved": "2000-07-19T00:00:00",
    "dateUpdated": "2024-08-08T05:21:31.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0084
Vulnerability from cvelistv5
Published
2004-02-14 05:00
Modified
2024-08-08 00:10
Severity ?
Summary
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2004_06_xf86.htmlvendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/667502third-party-advisory, x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2004-060.htmlvendor-advisory, x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1vendor-advisory, x_refsource_SUNALERT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821vendor-advisory, x_refsource_CONECTIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/15200vdb-entry, x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=110979666528890&w=2vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-443vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=107662833512775&w=2mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/9652vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012vendor-advisory, x_refsource_MANDRAKE
http://www.idefense.com/application/poi/display?id=73x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2004-059.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2004-061.htmlvendor-advisory, x_refsource_REDHAT
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053vendor-advisory, x_refsource_SLACKWARE
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:831",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
          },
          {
            "name": "SuSE-SA:2004:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
          },
          {
            "name": "VU#667502",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/667502"
          },
          {
            "name": "RHSA-2004:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
          },
          {
            "name": "57768",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
          },
          {
            "name": "CLA-2004:821",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
          },
          {
            "name": "xfree86-copyisolatin1lLowered-bo(15200)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
          },
          {
            "name": "oval:org.mitre.oval:def:807",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
          },
          {
            "name": "FLSA:2314",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
          },
          {
            "name": "DSA-443",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-443"
          },
          {
            "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:10405",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
          },
          {
            "name": "9652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9652"
          },
          {
            "name": "MDKSA-2004:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=73"
          },
          {
            "name": "RHSA-2004:059",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
          },
          {
            "name": "RHSA-2004:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
          },
          {
            "name": "SSA:2004-043",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:831",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
        },
        {
          "name": "SuSE-SA:2004:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
        },
        {
          "name": "VU#667502",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/667502"
        },
        {
          "name": "RHSA-2004:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
        },
        {
          "name": "57768",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
        },
        {
          "name": "CLA-2004:821",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
        },
        {
          "name": "xfree86-copyisolatin1lLowered-bo(15200)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
        },
        {
          "name": "oval:org.mitre.oval:def:807",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
        },
        {
          "name": "FLSA:2314",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
        },
        {
          "name": "DSA-443",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-443"
        },
        {
          "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:10405",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
        },
        {
          "name": "9652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9652"
        },
        {
          "name": "MDKSA-2004:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=73"
        },
        {
          "name": "RHSA-2004:059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
        },
        {
          "name": "RHSA-2004:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
        },
        {
          "name": "SSA:2004-043",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:831",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
            },
            {
              "name": "SuSE-SA:2004:006",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
            },
            {
              "name": "VU#667502",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/667502"
            },
            {
              "name": "RHSA-2004:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
            },
            {
              "name": "57768",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
            },
            {
              "name": "CLA-2004:821",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
            },
            {
              "name": "xfree86-copyisolatin1lLowered-bo(15200)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
            },
            {
              "name": "oval:org.mitre.oval:def:807",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
            },
            {
              "name": "FLSA:2314",
              "refsource": "FEDORA",
              "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
            },
            {
              "name": "DSA-443",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-443"
            },
            {
              "name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:10405",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
            },
            {
              "name": "9652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9652"
            },
            {
              "name": "MDKSA-2004:012",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
            },
            {
              "name": "http://www.idefense.com/application/poi/display?id=73",
              "refsource": "MISC",
              "url": "http://www.idefense.com/application/poi/display?id=73"
            },
            {
              "name": "RHSA-2004:059",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
            },
            {
              "name": "RHSA-2004:061",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
            },
            {
              "name": "SSA:2004-043",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0084",
    "datePublished": "2004-02-14T05:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0071
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
Summary
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
References
http://www.debian.org/security/2003/dsa-380vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-067.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-066.htmlvendor-advisory, x_refsource_REDHAT
http://www.iss.net/security_center/static/11415.phpvdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=104612710031920&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2003-064.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/6950vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2003-065.htmlvendor-advisory, x_refsource_REDHAT
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.htmlmailing-list, x_refsource_VULNWATCH
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:34.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-380",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-380"
          },
          {
            "name": "RHSA-2003:067",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
          },
          {
            "name": "RHSA-2003:066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
          },
          {
            "name": "terminal-emulator-dec-udk(11415)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11415.php"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
          },
          {
            "name": "RHSA-2003:064",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
          },
          {
            "name": "6950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6950"
          },
          {
            "name": "RHSA-2003:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-380",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-380"
        },
        {
          "name": "RHSA-2003:067",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
        },
        {
          "name": "RHSA-2003:066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
        },
        {
          "name": "terminal-emulator-dec-udk(11415)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11415.php"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
        },
        {
          "name": "RHSA-2003:064",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
        },
        {
          "name": "6950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6950"
        },
        {
          "name": "RHSA-2003:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0071",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-380",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-380"
            },
            {
              "name": "RHSA-2003:067",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
            },
            {
              "name": "RHSA-2003:066",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
            },
            {
              "name": "terminal-emulator-dec-udk(11415)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11415.php"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "RHSA-2003:064",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
            },
            {
              "name": "6950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6950"
            },
            {
              "name": "RHSA-2003:065",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0071",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-04T00:00:00",
    "dateUpdated": "2024-08-08T01:43:34.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1317
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:28.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX0212-228",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/4988"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879"
          },
          {
            "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:149",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149"
          },
          {
            "name": "CA-2002-34",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-34.html"
          },
          {
            "name": "oval:org.mitre.oval:def:152",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152"
          },
          {
            "name": "oval:org.mitre.oval:def:2816",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816"
          },
          {
            "name": "VU#312313",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/312313"
          },
          {
            "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541"
          },
          {
            "name": "solaris-fsauto-execute-code(10375)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10375.php"
          },
          {
            "name": "20021202-01-I",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I"
          },
          {
            "name": "6241",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6241"
          },
          {
            "name": "N-024",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-11-01T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX0212-228",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/advisories/4988"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879"
        },
        {
          "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:149",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149"
        },
        {
          "name": "CA-2002-34",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-34.html"
        },
        {
          "name": "oval:org.mitre.oval:def:152",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152"
        },
        {
          "name": "oval:org.mitre.oval:def:2816",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816"
        },
        {
          "name": "VU#312313",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/312313"
        },
        {
          "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541"
        },
        {
          "name": "solaris-fsauto-execute-code(10375)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10375.php"
        },
        {
          "name": "20021202-01-I",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I"
        },
        {
          "name": "6241",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6241"
        },
        {
          "name": "N-024",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX0212-228",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/advisories/4988"
            },
            {
              "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879"
            },
            {
              "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:149",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149"
            },
            {
              "name": "CA-2002-34",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-34.html"
            },
            {
              "name": "oval:org.mitre.oval:def:152",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152"
            },
            {
              "name": "oval:org.mitre.oval:def:2816",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816"
            },
            {
              "name": "VU#312313",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/312313"
            },
            {
              "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability",
              "refsource": "ISS",
              "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541"
            },
            {
              "name": "solaris-fsauto-execute-code(10375)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10375.php"
            },
            {
              "name": "20021202-01-I",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I"
            },
            {
              "name": "6241",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6241"
            },
            {
              "name": "N-024",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1317",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-11-25T00:00:00",
    "dateUpdated": "2024-08-08T03:19:28.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-1999-0241
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:34
Severity ?
Summary
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:34:51.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T07:01:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0241",
    "datePublished": "2000-02-04T05:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:34:51.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0094
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
Summary
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:03.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-443",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-443"
          },
          {
            "name": "20040406-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
          },
          {
            "name": "9701",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9701"
          },
          {
            "name": "RHSA-2004:152",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
          },
          {
            "name": "xfree86-glx-integer-dos(15273)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273"
          },
          {
            "name": "CLSA-2004:824",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-03-04T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-443",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-443"
        },
        {
          "name": "20040406-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
        },
        {
          "name": "9701",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9701"
        },
        {
          "name": "RHSA-2004:152",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
        },
        {
          "name": "xfree86-glx-integer-dos(15273)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273"
        },
        {
          "name": "CLSA-2004:824",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-443",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-443"
            },
            {
              "name": "20040406-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
            },
            {
              "name": "9701",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9701"
            },
            {
              "name": "RHSA-2004:152",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
            },
            {
              "name": "xfree86-glx-integer-dos(15273)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273"
            },
            {
              "name": "CLSA-2004:824",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0094",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2004-01-23T00:00:00",
    "dateUpdated": "2024-08-08T00:10:03.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0504
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
References
http://www.xfree86.org/security/x_refsource_CONFIRM
http://www.securityfocus.com/bid/1369vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.htmlmailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:31.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xfree86.org/security/"
          },
          {
            "name": "1369",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1369"
          },
          {
            "name": "20000619 XFree86: libICE DoS",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xfree86.org/security/"
        },
        {
          "name": "1369",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1369"
        },
        {
          "name": "20000619 XFree86: libICE DoS",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.xfree86.org/security/",
              "refsource": "CONFIRM",
              "url": "http://www.xfree86.org/security/"
            },
            {
              "name": "1369",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1369"
            },
            {
              "name": "20000619 XFree86: libICE DoS",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0504",
    "datePublished": "2001-05-07T04:00:00",
    "dateReserved": "2000-07-11T00:00:00",
    "dateUpdated": "2024-08-08T05:21:31.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0914
Vulnerability from cvelistv5
Published
2004-12-15 05:00
Modified
2024-08-08 00:31
Severity ?
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
http://www.redhat.com/support/errata/RHSA-2005-004.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146vdb-entry, x_refsource_XF
http://www.ubuntu.com/usn/usn-83-1vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2004-537.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142vdb-entry, x_refsource_XF
http://secunia.com/advisories/13224/third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943vdb-entry, signature, x_refsource_OVAL
http://www.linuxsecurity.com/content/view/106877/102/vendor-advisory, x_refsource_FEDORA
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patchx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2004-610.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144vdb-entry, x_refsource_XF
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlvendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-607vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/11694vdb-entry, x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xmlvendor-advisory, x_refsource_GENTOO
http://www.ubuntu.com/usn/usn-83-2vendor-advisory, x_refsource_UBUNTU
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228vendor-advisory, x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137vendor-advisory, x_refsource_MANDRAKE
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlvendor-advisory, x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147vdb-entry, x_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:48.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
          },
          {
            "name": "libxpm-directory-traversal(18146)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
          },
          {
            "name": "USN-83-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-83-1"
          },
          {
            "name": "RHSA-2004:537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
          },
          {
            "name": "libxpm-image-bo(18142)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
          },
          {
            "name": "13224",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13224/"
          },
          {
            "name": "oval:org.mitre.oval:def:9943",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
          },
          {
            "name": "FEDORA-2004-433",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/content/view/106877/102/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
          },
          {
            "name": "RHSA-2004:610",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
          },
          {
            "name": "libxpm-improper-memory-access(18144)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
          },
          {
            "name": "GLSA-200502-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
          },
          {
            "name": "FLSA-2006:152803",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
          },
          {
            "name": "DSA-607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-607"
          },
          {
            "name": "11694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11694"
          },
          {
            "name": "GLSA-200502-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
          },
          {
            "name": "USN-83-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-83-2"
          },
          {
            "name": "HPSBTU01228",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
          },
          {
            "name": "MDKSA-2004:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
          },
          {
            "name": "GLSA-200411-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
          },
          {
            "name": "libxpm-dos(18147)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
          },
          {
            "name": "libxpm-command-execution(18145)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2005:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
        },
        {
          "name": "libxpm-directory-traversal(18146)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
        },
        {
          "name": "USN-83-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-83-1"
        },
        {
          "name": "RHSA-2004:537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
        },
        {
          "name": "libxpm-image-bo(18142)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
        },
        {
          "name": "13224",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13224/"
        },
        {
          "name": "oval:org.mitre.oval:def:9943",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
        },
        {
          "name": "FEDORA-2004-433",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.linuxsecurity.com/content/view/106877/102/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
        },
        {
          "name": "RHSA-2004:610",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
        },
        {
          "name": "libxpm-improper-memory-access(18144)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
        },
        {
          "name": "GLSA-200502-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
        },
        {
          "name": "FLSA-2006:152803",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
        },
        {
          "name": "DSA-607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-607"
        },
        {
          "name": "11694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11694"
        },
        {
          "name": "GLSA-200502-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
        },
        {
          "name": "USN-83-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-83-2"
        },
        {
          "name": "HPSBTU01228",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
        },
        {
          "name": "MDKSA-2004:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
        },
        {
          "name": "GLSA-200411-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
        },
        {
          "name": "libxpm-dos(18147)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
        },
        {
          "name": "libxpm-command-execution(18145)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2005:004",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
            },
            {
              "name": "libxpm-directory-traversal(18146)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
            },
            {
              "name": "USN-83-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-83-1"
            },
            {
              "name": "RHSA-2004:537",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
            },
            {
              "name": "libxpm-image-bo(18142)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
            },
            {
              "name": "13224",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13224/"
            },
            {
              "name": "oval:org.mitre.oval:def:9943",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
            },
            {
              "name": "FEDORA-2004-433",
              "refsource": "FEDORA",
              "url": "http://www.linuxsecurity.com/content/view/106877/102/"
            },
            {
              "name": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch",
              "refsource": "CONFIRM",
              "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
            },
            {
              "name": "RHSA-2004:610",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
            },
            {
              "name": "libxpm-improper-memory-access(18144)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
            },
            {
              "name": "GLSA-200502-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
            },
            {
              "name": "FLSA-2006:152803",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
            },
            {
              "name": "DSA-607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-607"
            },
            {
              "name": "11694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11694"
            },
            {
              "name": "GLSA-200502-06",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
            },
            {
              "name": "USN-83-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-83-2"
            },
            {
              "name": "HPSBTU01228",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
            },
            {
              "name": "MDKSA-2004:137",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
            },
            {
              "name": "GLSA-200411-28",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
            },
            {
              "name": "libxpm-dos(18147)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
            },
            {
              "name": "libxpm-command-execution(18145)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0914",
    "datePublished": "2004-12-15T05:00:00",
    "dateReserved": "2004-09-27T00:00:00",
    "dateUpdated": "2024-08-08T00:31:48.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0730
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 02:05
Severity ?
Summary
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24168"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"
          },
          {
            "name": "20030830 Multiple integer overflows in XFree86 (local/remote)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2"
          },
          {
            "name": "CLA-2004:821",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
          },
          {
            "name": "ADV-2007-0589",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0589"
          },
          {
            "name": "8514",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8514"
          },
          {
            "name": "20031101-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc"
          },
          {
            "name": "MDKSA-2003:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089"
          },
          {
            "name": "RHSA-2003:289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
          },
          {
            "name": "102803",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"
          },
          {
            "name": "RHSA-2003:287",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
          },
          {
            "name": "RHSA-2003:286",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
          },
          {
            "name": "24247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24247"
          },
          {
            "name": "NetBSD-SA2003-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc"
          },
          {
            "name": "DSA-380",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-380"
          },
          {
            "name": "RHSA-2003:288",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24168"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"
        },
        {
          "name": "20030830 Multiple integer overflows in XFree86 (local/remote)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2"
        },
        {
          "name": "CLA-2004:821",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
        },
        {
          "name": "ADV-2007-0589",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0589"
        },
        {
          "name": "8514",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8514"
        },
        {
          "name": "20031101-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc"
        },
        {
          "name": "MDKSA-2003:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089"
        },
        {
          "name": "RHSA-2003:289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
        },
        {
          "name": "102803",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"
        },
        {
          "name": "RHSA-2003:287",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
        },
        {
          "name": "RHSA-2003:286",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
        },
        {
          "name": "24247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24247"
        },
        {
          "name": "NetBSD-SA2003-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc"
        },
        {
          "name": "DSA-380",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-380"
        },
        {
          "name": "RHSA-2003:288",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24168"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"
            },
            {
              "name": "20030830 Multiple integer overflows in XFree86 (local/remote)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2"
            },
            {
              "name": "CLA-2004:821",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
            },
            {
              "name": "ADV-2007-0589",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0589"
            },
            {
              "name": "8514",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8514"
            },
            {
              "name": "20031101-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc"
            },
            {
              "name": "MDKSA-2003:089",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089"
            },
            {
              "name": "RHSA-2003:289",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
            },
            {
              "name": "102803",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"
            },
            {
              "name": "RHSA-2003:287",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
            },
            {
              "name": "RHSA-2003:286",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
            },
            {
              "name": "24247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24247"
            },
            {
              "name": "NetBSD-SA2003-015",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc"
            },
            {
              "name": "DSA-380",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-380"
            },
            {
              "name": "RHSA-2003:288",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0730",
    "datePublished": "2003-09-03T04:00:00",
    "dateReserved": "2003-09-02T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0687
Vulnerability from cvelistv5
Published
2004-09-24 00:00
Modified
2024-08-08 00:24
Severity ?
Summary
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
http://www.redhat.com/support/errata/RHSA-2005-004.htmlvendor-advisory
https://usn.ubuntu.com/27-1/vendor-advisory
http://www.vupen.com/english/advisories/2006/1914vdb-entry
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xmlvendor-advisory
http://www.kb.cert.org/vuls/id/882750third-party-advisory
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlthird-party-advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:098vendor-advisory
http://www.securityfocus.com/archive/1/434715/100/0/threadedvendor-advisory
http://www.redhat.com/support/errata/RHSA-2004-537.htmlvendor-advisory
http://marc.info/?l=bugtraq&m=109530851323415&w=2mailing-list
http://www.debian.org/security/2004/dsa-560vendor-advisory
http://scary.beasts.org/security/CESA-2004-003.txt
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlvendor-advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924vendor-advisory
http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.htmlvendor-advisory
http://www.securityfocus.com/bid/11196vdb-entry
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlvendor-advisory
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlvendor-advisory
http://secunia.com/advisories/20235third-party-advisory
http://www.securityfocus.com/archive/1/434715/100/0/threadedvendor-advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1vendor-advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187vdb-entry, signature
https://exchange.xforce.ibmcloud.com/vulnerabilities/17414vdb-entry
http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:27.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:004",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
          },
          {
            "name": "USN-27-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/27-1/"
          },
          {
            "name": "ADV-2006-1914",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1914"
          },
          {
            "name": "GLSA-200409-34",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
          },
          {
            "name": "VU#882750",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/882750"
          },
          {
            "name": "TA05-136A",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
          },
          {
            "name": "MDKSA-2004:098",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
          },
          {
            "name": "HPSBUX02119",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
          },
          {
            "name": "RHSA-2004:537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
          },
          {
            "name": "20040915 CESA-2004-004: libXpm",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
          },
          {
            "name": "DSA-560",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-560"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
          },
          {
            "name": "APPLE-SA-2005-05-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
          },
          {
            "name": "CLA-2005:924",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
          },
          {
            "name": "SUSE-SA:2004:034",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
          },
          {
            "name": "11196",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11196"
          },
          {
            "name": "GLSA-200502-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
          },
          {
            "name": "FLSA-2006:152803",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
          },
          {
            "name": "20235",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20235"
          },
          {
            "name": "SSRT4848",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
          },
          {
            "name": "57653",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
          },
          {
            "name": "oval:org.mitre.oval:def:9187",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187"
          },
          {
            "name": "libxpm-multiple-stack-bo(17414)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-20T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2005:004",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
        },
        {
          "name": "USN-27-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/27-1/"
        },
        {
          "name": "ADV-2006-1914",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1914"
        },
        {
          "name": "GLSA-200409-34",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
        },
        {
          "name": "VU#882750",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/882750"
        },
        {
          "name": "TA05-136A",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
        },
        {
          "name": "MDKSA-2004:098",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
        },
        {
          "name": "HPSBUX02119",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
        },
        {
          "name": "RHSA-2004:537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
        },
        {
          "name": "20040915 CESA-2004-004: libXpm",
          "tags": [
            "mailing-list"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
        },
        {
          "name": "DSA-560",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2004/dsa-560"
        },
        {
          "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
        },
        {
          "name": "APPLE-SA-2005-05-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
        },
        {
          "name": "CLA-2005:924",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
        },
        {
          "name": "SUSE-SA:2004:034",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
        },
        {
          "name": "11196",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/11196"
        },
        {
          "name": "GLSA-200502-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
        },
        {
          "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
        },
        {
          "name": "FLSA-2006:152803",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
        },
        {
          "name": "20235",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/20235"
        },
        {
          "name": "SSRT4848",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
        },
        {
          "name": "57653",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
        },
        {
          "name": "oval:org.mitre.oval:def:9187",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187"
        },
        {
          "name": "libxpm-multiple-stack-bo(17414)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414"
        },
        {
          "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0687",
    "datePublished": "2004-09-24T00:00:00",
    "dateReserved": "2004-07-13T00:00:00",
    "dateUpdated": "2024-08-08T00:24:27.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0093
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
Summary
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:10:02.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-443",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-443"
          },
          {
            "name": "xfree86-glx-array-dos(15272)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272"
          },
          {
            "name": "20040406-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
          },
          {
            "name": "9701",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9701"
          },
          {
            "name": "RHSA-2004:152",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
          },
          {
            "name": "CLSA-2004:824",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-12T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-443",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-443"
        },
        {
          "name": "xfree86-glx-array-dos(15272)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272"
        },
        {
          "name": "20040406-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
        },
        {
          "name": "9701",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9701"
        },
        {
          "name": "RHSA-2004:152",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
        },
        {
          "name": "CLSA-2004:824",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-443",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-443"
            },
            {
              "name": "xfree86-glx-array-dos(15272)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272"
            },
            {
              "name": "20040406-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
            },
            {
              "name": "9701",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9701"
            },
            {
              "name": "RHSA-2004:152",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
            },
            {
              "name": "CLSA-2004:824",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0093",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2004-01-23T00:00:00",
    "dateUpdated": "2024-08-08T00:10:02.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-1999-0433
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:41
Severity ?
Summary
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:41:44.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T07:33:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0433",
    "datePublished": "1999-09-29T04:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:41:44.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1086
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
Summary
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/6808vdb-entry, x_refsource_XF
http://online.securityfocus.com/archive/1/195008mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/194907mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/2985vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:07.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "xdm-cookie-brute-force(6808)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808"
          },
          {
            "name": "20010705 Re: xdm cookies fast brute force",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/195008"
          },
          {
            "name": "20010704 xdm cookies fast brute force",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/194907"
          },
          {
            "name": "2985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/2985"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "xdm-cookie-brute-force(6808)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808"
        },
        {
          "name": "20010705 Re: xdm cookies fast brute force",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/195008"
        },
        {
          "name": "20010704 xdm cookies fast brute force",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/194907"
        },
        {
          "name": "2985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/2985"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "xdm-cookie-brute-force(6808)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808"
            },
            {
              "name": "20010705 Re: xdm cookies fast brute force",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/195008"
            },
            {
              "name": "20010704 xdm cookies fast brute force",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/194907"
            },
            {
              "name": "2985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/2985"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1086",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:07.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0476
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:31.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000601 Re: [rootshell.com] Xterm DoS Attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
          },
          {
            "name": "20000601 [rootshell.com] Xterm DoS Attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
          },
          {
            "name": "1298",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1298"
          },
          {
            "name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
          },
          {
            "name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:13:15.549161",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000601 Re: [rootshell.com] Xterm DoS Attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
        },
        {
          "name": "20000601 [rootshell.com] Xterm DoS Attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
        },
        {
          "name": "1298",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/1298"
        },
        {
          "name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
        },
        {
          "name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0476",
    "datePublished": "2000-07-12T04:00:00",
    "dateReserved": "2000-07-11T00:00:00",
    "dateUpdated": "2024-08-08T05:21:31.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0063
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-10-29 14:05
Summary
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-380"
          },
          {
            "name": "RHSA-2003:067",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
          },
          {
            "name": "RHSA-2003:066",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
          },
          {
            "name": "RHSA-2003:064",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
          },
          {
            "name": "RHSA-2003:065",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
          },
          {
            "name": "6940",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6940"
          },
          {
            "name": "terminal-emulator-window-title(11414)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11414.php"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
          },
          {
            "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xfree86",
            "vendor": "xfree86",
            "versions": [
              {
                "lessThanOrEqual": "4.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2003-0063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T17:38:21.119752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T14:05:49.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-15T10:05:53.568606",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2003/dsa-380"
        },
        {
          "name": "RHSA-2003:067",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
        },
        {
          "name": "RHSA-2003:066",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
        },
        {
          "name": "RHSA-2003:064",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
        },
        {
          "name": "RHSA-2003:065",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
        },
        {
          "name": "6940",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/6940"
        },
        {
          "name": "terminal-emulator-window-title(11414)",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.iss.net/security_center/static/11414.php"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
        },
        {
          "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0063",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-04T00:00:00",
    "dateUpdated": "2024-10-29T14:05:49.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107662833512775&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110979666528890&w=2
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
cve@mitre.orghttp://www.debian.org/security/2004/dsa-443
cve@mitre.orghttp://www.idefense.com/application/poi/display?id=73
cve@mitre.orghttp://www.kb.cert.org/vuls/id/667502US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:012
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_06_xf86.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-059.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-060.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-061.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/9652Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15200
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107662833512775&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110979666528890&w=2
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-443
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/application/poi/display?id=73
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/667502US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_06_xf86.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-059.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-060.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-061.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9652Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15200
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la funci\u00f3n ReadFontAlias en XFree86 4.1.0 a 4.3.0, cuando se usa la funci\u00f3n CopyISOLatin1Lowered, permite a usuarios locales o remotos autenticados ejecutar c\u00f3digo arbitrario mediante una entrada malformada en el fichero de aliases de fuentes (font.alias), una vulnerabilidad distinta de CAN-2004-0083 y CAN-2004-0106."
    }
  ],
  "id": "CVE-2004-0084",
  "lastModified": "2024-11-20T23:47:43.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.idefense.com/application/poi/display?id=73"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/667502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9652"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107662833512775\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.idefense.com/application/poi/display?id=73"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/667502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
cve@mitre.orghttp://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/May/msg00001.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109530851323415&w=2
cve@mitre.orghttp://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html
cve@mitre.orghttp://scary.beasts.org/security/CESA-2004-003.txt
cve@mitre.orghttp://secunia.com/advisories/20235
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
cve@mitre.orghttp://www.debian.org/security/2004/dsa-560
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
cve@mitre.orghttp://www.kb.cert.org/vuls/id/882750US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:098
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
cve@mitre.orghttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-537.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-004.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/434715/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/434715/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/11196Patch, Vendor Advisory
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA05-136A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1914
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17414
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187
cve@mitre.orghttps://usn.ubuntu.com/27-1/
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
af854a3a-2127-422b-91ae-364da2661108http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109530851323415&w=2
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html
af854a3a-2127-422b-91ae-364da2661108http://scary.beasts.org/security/CESA-2004-003.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20235
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-560
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/882750US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-537.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-004.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/434715/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/434715/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11196Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1914
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17414
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/27-1/



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen XPM malformada."
    }
  ],
  "id": "CVE-2004-0687",
  "lastModified": "2024-11-20T23:49:10.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-560"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/882750"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1914"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/27-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/882750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/27-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
cve@mitre.orghttp://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/May/msg00001.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109530851323415&w=2
cve@mitre.orghttp://scary.beasts.org/security/CESA-2004-003.txt
cve@mitre.orghttp://secunia.com/advisories/20235
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
cve@mitre.orghttp://www.debian.org/security/2004/dsa-560
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
cve@mitre.orghttp://www.kb.cert.org/vuls/id/537878US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:098
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
cve@mitre.orghttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-537.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-004.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/434715/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/434715/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/11196Patch, Vendor Advisory
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA05-136A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1914
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17416
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
cve@mitre.orghttps://usn.ubuntu.com/27-1/
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
af854a3a-2127-422b-91ae-364da2661108http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109530851323415&w=2
af854a3a-2127-422b-91ae-364da2661108http://scary.beasts.org/security/CESA-2004-003.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20235
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-560
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/537878US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:098
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-537.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-004.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/434715/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/434715/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11196Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1914
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/27-1/



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de imagen XPM malformado."
    }
  ],
  "id": "CVE-2004-0688",
  "lastModified": "2024-11-20T23:49:10.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-560"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/537878"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1914"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/27-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109530851323415\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://scary.beasts.org/security/CESA-2004-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/537878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/27-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-04-06 01:19
Modified
2024-11-21 00:28
Severity ?
Summary
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.
References
secalert@redhat.comhttp://issues.foresightlinux.org/browse/FL-223
secalert@redhat.comhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501Patch
secalert@redhat.comhttp://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
secalert@redhat.comhttp://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2007-0125.html
secalert@redhat.comhttp://secunia.com/advisories/24741Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24745
secalert@redhat.comhttp://secunia.com/advisories/24756
secalert@redhat.comhttp://secunia.com/advisories/24758
secalert@redhat.comhttp://secunia.com/advisories/24765
secalert@redhat.comhttp://secunia.com/advisories/24768
secalert@redhat.comhttp://secunia.com/advisories/24770Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24771
secalert@redhat.comhttp://secunia.com/advisories/24772
secalert@redhat.comhttp://secunia.com/advisories/24776
secalert@redhat.comhttp://secunia.com/advisories/24791
secalert@redhat.comhttp://secunia.com/advisories/24885
secalert@redhat.comhttp://secunia.com/advisories/24889
secalert@redhat.comhttp://secunia.com/advisories/24921
secalert@redhat.comhttp://secunia.com/advisories/24996
secalert@redhat.comhttp://secunia.com/advisories/25004
secalert@redhat.comhttp://secunia.com/advisories/25006
secalert@redhat.comhttp://secunia.com/advisories/25096
secalert@redhat.comhttp://secunia.com/advisories/25195
secalert@redhat.comhttp://secunia.com/advisories/25216
secalert@redhat.comhttp://secunia.com/advisories/25305
secalert@redhat.comhttp://secunia.com/advisories/25495
secalert@redhat.comhttp://secunia.com/advisories/28333
secalert@redhat.comhttp://secunia.com/advisories/30161
secalert@redhat.comhttp://secunia.com/advisories/33937
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200705-02.xml
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200705-10.xml
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
secalert@redhat.comhttp://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
secalert@redhat.comhttp://sourceforge.net/project/shownotes.php?release_id=498954
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
secalert@redhat.comhttp://support.apple.com/kb/HT3438
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
secalert@redhat.comhttp://www.debian.org/security/2007/dsa-1294
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1454
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:079
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:080
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:081
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2007_27_x.html
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2007_6_sr.html
secalert@redhat.comhttp://www.openbsd.org/errata39.html#021_xorg
secalert@redhat.comhttp://www.openbsd.org/errata40.html#011_xorg
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0126.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0132.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0150.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/464686/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/464816/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/23283Patch
secalert@redhat.comhttp://www.securityfocus.com/bid/23300
secalert@redhat.comhttp://www.securityfocus.com/bid/23402
secalert@redhat.comhttp://www.securitytracker.com/id?1017857
secalert@redhat.comhttp://www.trustix.org/errata/2007/0013/
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-448-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/1217
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/1264
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/1548
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/33417
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-1213
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810
af854a3a-2127-422b-91ae-364da2661108http://issues.foresightlinux.org/browse/FL-223
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2007-0125.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24741Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24745
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24756
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24758
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24765
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24768
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24770Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24771
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24772
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24776
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24791
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24885
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24889
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24921
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24996
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25004
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25006
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25096
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25195
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25216
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25305
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25495
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28333
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30161
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33937
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200705-02.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200705-10.xml
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?release_id=498954
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3438
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1294
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1454
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_27_x.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_6_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/errata39.html#021_xorg
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/errata40.html#011_xorg
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0126.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0132.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0150.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/464686/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/464816/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23283Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23300
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23402
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017857
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2007/0013/
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-448-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1217
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1264
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1548
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1213
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*",
              "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*",
              "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*",
              "matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "61B11116-FA94-4989-89A1-C7B551D5195A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
              "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "FE524195-06F1-4504-9223-07596588CC70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*",
              "matchCriteriaId": "2FEED00F-3B70-4E57-AD80-7903AECED14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*",
              "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC77812C-D84E-493E-9D21-1BA6C2129E70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la funci\u00f3n bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila."
    }
  ],
  "id": "CVE-2007-1351",
  "lastModified": "2024-11-21T00:28:05.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-06T01:19:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://issues.foresightlinux.org/browse/FL-223"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24741"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24745"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24756"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24765"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24768"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24770"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24771"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24772"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24776"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24791"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24885"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24889"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24921"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24996"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25004"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25006"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25096"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25216"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25305"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/25495"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28333"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30161"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2007/dsa-1294"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1454"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openbsd.org/errata39.html#021_xorg"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openbsd.org/errata40.html#011_xorg"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23283"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/23300"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/23402"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1017857"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.trustix.org/errata/2007/0013/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-448-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/1217"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/1264"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/1548"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1213"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://issues.foresightlinux.org/browse/FL-223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200705-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200705-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.626733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=3157\u0026release_id=498954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=498954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_27_x.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata39.html#021_xorg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata40.html#011_xorg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0150.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0013/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-448-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1999-03-21 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF44364-0F57-4B74-81B0-501EA6B58501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "363AB7DB-A8BA-4D58-97C4-1DF1F0F43E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F2131E-F9F2-4E65-B95C-B52DB25C69F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6732144-10D4-4114-A7DA-32157EE3EF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "125918E7-53BB-407A-8D95-5D95CDF39A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE0BBA4F-C61A-4A8E-A7E2-CE0DF76DF592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC3B1DD9-10B5-40FE-AE56-D068C41653DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C0BBDD2-9FF9-4CB7-BCAF-D4AF15DC2C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C826AA-6E2F-4DAC-A7A2-9F47729B5DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F163E145-09F7-4BE2-9B46-5B6713070BAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service."
    }
  ],
  "id": "CVE-1999-0433",
  "lastModified": "2024-11-20T23:28:43.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1999-03-21T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-03-02 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt
cve@mitre.orgftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20060403-01-U
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=83598Patch, Vendor Advisory
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=83655Patch, Vendor Advisory
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
cve@mitre.orghttp://secunia.com/advisories/14460
cve@mitre.orghttp://secunia.com/advisories/18049
cve@mitre.orghttp://secunia.com/advisories/18316
cve@mitre.orghttp://secunia.com/advisories/19624
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200503-08.xmlPatch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1013339Patch, Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2005/dsa-723Patch, Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200503-15.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-044.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-198.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-331.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-412.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-473.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0261.html
cve@mitre.orghttp://www.securityfocus.com/bid/12714Patch, Vendor Advisory
cve@mitre.orghttps://bugs.freedesktop.org/attachment.cgi?id=1909Vendor Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411
cve@mitre.orghttps://usn.ubuntu.com/92-1/
cve@mitre.orghttps://usn.ubuntu.com/97-1/
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=83598Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=83655Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14460
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18049
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18316
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19624
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200503-08.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013339Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-723Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200503-15.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-044.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-198.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-331.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-412.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-473.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0261.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/12714Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.freedesktop.org/attachment.cgi?id=1909Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/92-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/97-1/
Impacted products
Vendor Product Version
lesstif lesstif 0.93.94
sgi propack 3.0
x.org x11r6 6.7.0
x.org x11r6 6.8
x.org x11r6 6.8.1
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.2
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.0.2.11
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
xfree86_project x11r6 4.3.0.1
xfree86_project x11r6 4.3.0.2
altlinux alt_linux 2.3
altlinux alt_linux 2.3
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 10.1
mandrakesoft mandrake_linux 10.1
mandrakesoft mandrake_linux 10.2
mandrakesoft mandrake_linux 10.2
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux_corporate_server 3.0
mandrakesoft mandrake_linux_corporate_server 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 4.0
redhat enterprise_linux 4.0
redhat enterprise_linux 4.0
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux_desktop 4.0
redhat fedora_core core_2.0
redhat fedora_core core_3.0
suse suse_linux 6.1
suse suse_linux 6.1
suse suse_linux 6.2
suse suse_linux 6.3
suse suse_linux 6.3
suse suse_linux 6.3
suse suse_linux 6.4
suse suse_linux 6.4
suse suse_linux 6.4
suse suse_linux 6.4
suse suse_linux 7.0
suse suse_linux 7.0
suse suse_linux 7.0
suse suse_linux 7.0
suse suse_linux 7.0
suse suse_linux 7.1
suse suse_linux 7.1
suse suse_linux 7.1
suse suse_linux 7.1
suse suse_linux 7.1
suse suse_linux 7.2
suse suse_linux 7.2
suse suse_linux 7.3
suse suse_linux 7.3
suse suse_linux 7.3
suse suse_linux 7.3
suse suse_linux 8.0
suse suse_linux 8.0
suse suse_linux 8.1
suse suse_linux 8.2
suse suse_linux 9.0
suse suse_linux 9.0
suse suse_linux 9.1
suse suse_linux 9.1
suse suse_linux 9.2
suse suse_linux 9.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A4B331-2868-46E3-9734-DC3AEFD2F756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D129D08C-AF18-4F9D-9781-64B8C1CFD65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E859A205-0DC2-4E28-8FF0-72D66DE9B280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18E8C7B-53AC-4BC7-9E00-A70293172B58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*",
              "matchCriteriaId": "64BE98C2-8EFA-4349-9FE2-D62CA63A16C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*",
              "matchCriteriaId": "7D0AC3A3-A37C-4053-B05F-A031877AC811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11D69B83-4EF3-407B-8E8C-DE623F099C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.2:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "F1D16230-3699-4AAA-9CAE-5CAF34628885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "124E1802-7984-45ED-8A92-393FC20662FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C7F08806-9458-439A-8EAE-2553122262ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B67020A-6942-4478-B501-764147C4970D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD0FF64-05DF-48C2-9BB5-FD993121FB2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E74E0A28-7C78-4160-8BCF-99605285C0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "76159C25-0760-47CB-AFCE-28306CDEA830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7786607A-362E-4817-A17E-C76D6A1F737D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*",
              "matchCriteriaId": "8A206E1C-C2EC-4356-8777-B18D7069A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "6E2FE291-1142-4627-A497-C0BB0D934A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "49BC7C7E-046C-4186-822E-9F3A2AD3577B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "467A30EB-CB8F-4928-AC8F-F659084A9E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "714C1439-AB8E-4A8B-A783-D60E9DDC38D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "62CAE5B0-4D46-4A93-A343-C8E9CB574C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "819868A7-EB1E-4CA9-8D71-72F194E5EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*",
              "matchCriteriaId": "FB647A8B-ADB9-402B-96E1-45321C75731B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "0944FD27-736E-4B55-8D96-9F2CA9BB9B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "373BB5AC-1F38-4D0A-97DC-08E9654403EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "B5E71DA3-F4A0-46AF-92A2-E691C7A65528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0519FF7D-363E-4530-9E63-6EA3E88432DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "1975A2DD-EB22-4ED3-8719-F78AA7F414B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE3FF4F-646F-4E05-A08A-C9399DEF60F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "19F606EE-530F-4C06-82DB-52035EE03FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "A0E896D5-0005-4E7E-895D-B202AFCE09A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "5A8B313F-93C7-4558-9571-DE1111487E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "37F124FE-15F1-49D7-9E03-8E036CE1A20C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "D5F98B9A-880E-45F0-8C16-12B22970F0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "B905C6E9-5058-4FD7-95B6-CD6AB6B2F516",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow."
    }
  ],
  "id": "CVE-2005-0605",
  "lastModified": "2024-11-20T23:55:30.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-03-02T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/14460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18049"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18316"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19624"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013339"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-723"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/12714"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/92-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/97-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/14460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-198.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/12714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/92-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/97-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
cve@mitre.orghttp://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541Patch, Vendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103825150527843&w=2
cve@mitre.orghttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
cve@mitre.orghttp://www.cert.org/advisories/CA-2002-34.htmlThird Party Advisory, US Government Resource
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/n-024.shtml
cve@mitre.orghttp://www.iss.net/security_center/static/10375.phpPatch, Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/312313US Government Resource
cve@mitre.orghttp://www.securityfocus.com/advisories/4988
cve@mitre.orghttp://www.securityfocus.com/bid/6241Patch, Vendor Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
af854a3a-2127-422b-91ae-364da2661108http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103825150527843&w=2
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
af854a3a-2127-422b-91ae-364da2661108http://www.cert.org/advisories/CA-2002-34.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/n-024.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10375.phpPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/312313US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/advisories/4988
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6241Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816
Impacted products
Vendor Product Version
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.2
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.5
sgi irix 6.5
sgi irix 6.5.1
sgi irix 6.5.2
sgi irix 6.5.3
sgi irix 6.5.4
sgi irix 6.5.5
sgi irix 6.5.6
sgi irix 6.5.7
sgi irix 6.5.8
sgi irix 6.5.9
sgi irix 6.5.10
sgi irix 6.5.11
sgi irix 6.5.12
sgi irix 6.5.13
hp hp-ux 10.10
hp hp-ux 10.20
hp hp-ux 10.24
hp hp-ux 11.00
hp hp-ux 11.04
hp hp-ux 11.11
hp hp-ux 11.22
sun solaris 2.5.1
sun solaris 2.5.1
sun solaris 2.6
sun solaris 7.0
sun solaris 8.0
sun solaris 9.0
sun solaris 9.0
sun sunos -
sun sunos 5.5.1
sun sunos 5.7
sun sunos 5.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B60E50-4F5A-4404-BEA3-C94F7D27B156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECB750B-9F53-4DB6-8B26-71BCCA446FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B2E6D1-8C2D-4E15-A6BB-E4FE878ED1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "440B7208-34DB-4898-8461-4E703F7EDFB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5663579C-3AD2-4E5B-A595-C8DB984F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07AA144-6FD7-4C80-B4F2-D21C1AFC864A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "29113D8E-9618-4A0E-9157-678332082858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "313613E9-4837-433C-90EE-84A92E8D24E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "41AA1290-5039-406F-B195-3A4C018202D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CC9410-F6B8-4748-B76F-30626279028E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC67401-C85A-4E4E-AE61-85FEBBF4346B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4427AC-07C1-4765-981B-B5D86D698C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EF0CEE-74A9-45C8-8AFD-77815230ACC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BFA923-7D80-4F01-AF9F-6F13209948AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "4259A901-A1CF-44EE-80C4-2031D3FCADC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A7B90-9086-4A10-8FB4-1C1D909BC173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "54AF87E4-52A4-44CA-B48E-A5BB139E6410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "3F305CBD-4329-44DE-A85C-DE9FF371425E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la rutina Dispatch() en el servidor de fuentes XFS (fs.auto) en Solaris 2.5.1 a 9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario mediante una cierta petici\u00f3n XFS."
    }
  ],
  "id": "CVE-2002-1317",
  "lastModified": "2024-11-20T23:41:02.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-11T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-34.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10375.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/312313"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/advisories/4988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6241"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103825150527843\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-34.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10375.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/312313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/advisories/4988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)."
    },
    {
      "lang": "es",
      "value": "Errores de falta de signo en enteros en XFree86 4.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario cuando se usa la extensi\u00f3n GLX y la infraestructura Direct Rendering"
    }
  ],
  "id": "CVE-2004-0094",
  "lastModified": "2024-11-20T23:47:45.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-15T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/9701"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/9701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107644835523678&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107653324115914&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110979666528890&w=2
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200402-02.xmlVendor Advisory
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
cve@mitre.orghttp://www.debian.org/security/2004/dsa-443
cve@mitre.orghttp://www.idefense.com/application/poi/display?id=72
cve@mitre.orghttp://www.kb.cert.org/vuls/id/820006US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:012
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_06_xf86.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-059.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-060.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-061.html
cve@mitre.orghttp://www.securityfocus.com/bid/9636Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
cve@mitre.orghttp://www.xfree86.org/cvs/changesVendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15130
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107644835523678&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107653324115914&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110979666528890&w=2
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200402-02.xmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-443
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/application/poi/display?id=72
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/820006US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_06_xf86.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-059.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-060.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-061.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9636Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
af854a3a-2127-422b-91ae-364da2661108http://www.xfree86.org/cvs/changesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en ReadFontAlias de XFree86 4.1.0 a 4.3.0 permite a usuarios locales y atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de aliases de fuentes (font.alias) con un token largo, una vulnerabilidad distinta de CAN-2004-0084 y CAN-2004-0106."
    }
  ],
  "id": "CVE-2004-0083",
  "lastModified": "2024-11-20T23:47:43.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.idefense.com/application/poi/display?id=72"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/820006"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9636"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.xfree86.org/cvs/changes"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107644835523678\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107653324115914\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200402-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.idefense.com/application/poi/display?id=72"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/820006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.xfree86.org/cvs/changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
Impacted products
Vendor Product Version
xfree86_project x11r6 *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD822532-8A72-44E2-9C55-6E91E14E5A29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist."
    },
    {
      "lang": "es",
      "value": "xdm, con la variable authComplain puesta a falso, permite a atacantes arbitrarios conectar al servidor X si el directorio auth de xdm no existe."
    }
  ],
  "id": "CVE-2002-1510",
  "lastModified": "2024-11-20T23:41:28.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11389.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11389.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
Impacted products
Vendor Product Version
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.2.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de b\u00fasqueda en ruta no confiable en libX11.so en xfree86, cuando se usa en programas setuid o setid, permite a usuarios locales ganar privilegios de root mediante una variable de entorno LD_PRELOAD modificada que apunta a c\u00f3digo malicioso."
    }
  ],
  "id": "CVE-2002-1472",
  "lastModified": "2024-11-20T23:41:23.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10137.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/11922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10137.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/11922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5735"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-07-17 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
Impacted products
Vendor Product Version
xfree86_project x11r6 3.3.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters."
    }
  ],
  "id": "CVE-2001-1179",
  "lastModified": "2024-11-20T23:37:04.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-07-17T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/197498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/197498"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-05-18 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
Impacted products
Vendor Product Version
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000."
    }
  ],
  "id": "CVE-2000-0453",
  "lastModified": "2024-11-20T23:32:32.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-05-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1235"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1995-11-01 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
Impacted products
Vendor Product Version
xfree86_project x11r6 *
sgi irix *
sun solaris 2.5
sun solaris 2.5.1
sun solaris 7.0
sun sunos -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD822532-8A72-44E2-9C55-6E91E14E5A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "056B3397-81A9-4128-9F49-ECEBE1743EE8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*",
              "matchCriteriaId": "200D8CB2-0D52-40A8-9CD9-6E4513605201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm."
    }
  ],
  "id": "CVE-1999-0241",
  "lastModified": "2024-11-20T23:28:13.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1995-11-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0241"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2004-537.html
cve@mitre.orghttp://secunia.com/advisories/13224/Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2004/dsa-607Patch, Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
cve@mitre.orghttp://www.linuxsecurity.com/content/view/106877/102/
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:137
cve@mitre.orghttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-610.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-004.html
cve@mitre.orghttp://www.securityfocus.com/bid/11694Patch, Vendor Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-83-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-83-2
cve@mitre.orghttp://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
cve@mitre.orghttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18142
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18144
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18145
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18146
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18147
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2004-537.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13224/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-607Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/content/view/106877/102/
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-610.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-004.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-83-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-83-2
af854a3a-2127-422b-91ae-364da2661108http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC8ECE7C-01E7-42C2-B8D0-20A3F0FF6202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B420D2-2684-4956-9AB2-36A2337F08F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "617462F8-47C2-418D-ABC3-B72509A65D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "184385E0-A3A7-4877-BC7B-0AAC48FA197A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "069774CF-5CD4-4787-A066-5C9054FDCED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3BF142-D7F7-491D-9175-DC61889237DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1FC296-553B-460E-88FD-86C530086382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A4B331-2868-46E3-9734-DC3AEFD2F756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BCCBDBC-FBBD-414E-A4D8-D3C4220E8A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76FFBC43-2178-48DF-B61E-CCBA4682AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F506308-E878-4AA5-B5D5-A7E148D63947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D129D08C-AF18-4F9D-9781-64B8C1CFD65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E49FAA6-E146-4AD5-845E-9445C7D9F088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en libXpm 6.8.1 y anteriores, usada en XFree86 y otros paquetes, incluyendo\r\n(1) m\u00faltiples desbordamientos de enteros,\r\n(2) accesos de memoria fuera de l\u00edmites,\r\n(3) atravesamiento de directorios,\r\n(4) metacaract\u00e9res de shell,\r\n(5) bucles infinitos, y\r\n(6) filtraciones de memoria\r\npodr\u00edan permitir a atacantes remotos obtener informaci\u00f3n sensible, causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante un cierto fichero de imagen XPM."
    }
  ],
  "id": "CVE-2004-0914",
  "lastModified": "2024-11-20T23:49:40.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13224/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-607"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/content/view/106877/102/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11694"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-83-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-83-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13224/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/content/view/106877/102/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-83-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-83-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
Impacted products
Vendor Product Version
open_group x 11.0r6
open_group x 11.0r6.1
open_group x 11.0r6.2
open_group x 11.0r6.3
open_group x 11.0r6.4
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop."
    }
  ],
  "id": "CVE-2000-0620",
  "lastModified": "2024-11-20T23:32:54.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-06-19T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1409"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=96146116627474\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4996"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-06-19 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
Impacted products
Vendor Product Version
gnome gdm 1.0
gnome gdm 1.1
open_group x 11.0r5
open_group x 11.0r6
open_group x 11.0r6.1
open_group x 11.0r6.2
open_group x 11.0r6.3
open_group x 11.0r6.4
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.4
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gdm:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AB5A38-A7C4-4016-8628-27AA0EC7E401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6BF5526-54BA-411B-8C18-BAD8801EEF18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6:*:*:*:*:*:*:*",
              "matchCriteriaId": "341C2874-4A2A-4ECD-A243-10EF6F2588BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B9657E-D7CE-496F-AE51-8AFA1CCA49CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2B4032-71E6-4731-B829-DD8F004B20BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DA55DC-E2A9-44B4-84D6-BE9F84898430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open_group:x:11.0r6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3657FA-0841-487B-9650-FC06A4E2A88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D5F86-97B2-4175-8ED7-1F937850F9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro."
    }
  ],
  "id": "CVE-2000-0504",
  "lastModified": "2024-11-20T23:32:39.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-06-19T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1369"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.xfree86.org/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xfree86.org/security/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-09-22 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
References
cve@mitre.orghttp://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c
cve@mitre.orghttp://marc.info/?l=bugtraq&m=100776624224549&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=100784290015880&w=2
cve@mitre.orghttp://marc.info/?l=vuln-dev&m=100118958310463&w=2
cve@mitre.orghttp://www.securityfocus.com/bid/3657Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/3663Vendor Advisory
cve@mitre.orghttp://www.xfree86.org/4.2.0/RELNOTES2.html#2
cve@mitre.orghttp://www.xfree86.org/security/
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/7673
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/7683
af854a3a-2127-422b-91ae-364da2661108http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=100776624224549&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=100784290015880&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=vuln-dev&m=100118958310463&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3657Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3663Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.xfree86.org/4.2.0/RELNOTES2.html#2
af854a3a-2127-422b-91ae-364da2661108http://www.xfree86.org/security/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/7673
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/7683
Impacted products
Vendor Product Version
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.0.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title."
    }
  ],
  "id": "CVE-2001-0955",
  "lastModified": "2024-11-20T23:36:31.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-09-22T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.xfree86.org/security/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=100776624224549\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=100784290015880\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=vuln-dev\u0026m=100118958310463\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xfree86.org/4.2.0/RELNOTES2.html#2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xfree86.org/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7683"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Summary
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.htmlVendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104612710031920&w=2
cve@mitre.orghttp://www.debian.org/security/2003/dsa-380
cve@mitre.orghttp://www.iss.net/security_center/static/11414.phpVendor Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/06/15/1
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-064.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-065.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-066.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-067.html
cve@mitre.orghttp://www.securityfocus.com/bid/6940
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104612710031920&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-380
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/11414.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/06/15/1
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-064.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-065.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-066.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-067.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6940
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
    },
    {
      "lang": "es",
      "value": "El emulador de terminal xterm en XFree86 4.2.0 permite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de caracter de escape y a continuaci\u00f3n insertarlo de vuelta en la linea de comando en el terminal del usuario, por ejemplo, cuando el usuario ve un fichero que contiene la secuencia maliciosa, lo que podr\u00eda permitir ejecutar comandos arbitrarios."
    }
  ],
  "id": "CVE-2003-0063",
  "lastModified": "2024-11-20T23:43:51.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11414.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11414.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6940"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop."
    },
    {
      "lang": "es",
      "value": "La capacidad de procesamiento DEC UDK en el emulador de terminal xterm de XFree86 4.2.0 permite a atacantes causar una denegaci\u00f3n de servicio mediante cierta secuencia de car\u00e1cter de escape que hace que el terminal entre en un bucle cerrado."
    }
  ],
  "id": "CVE-2003-0071",
  "lastModified": "2024-11-20T23:43:52.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11415.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11415.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6950"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110979666528890&w=2
cve@mitre.orghttp://www.debian.org/security/2004/dsa-443
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:012
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_06_xf86.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-059.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-060.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-061.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15206
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110979666528890&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-443
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_06_xf86.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-059.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-060.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-061.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15206
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades desconocidas en XFree86 4.1.0 to 4.3.0 relacionadas con el manejo inapropiado de ficheros de fuentes, un grupo de vulnerabilidades diferente de CAN-2004-0083."
    }
  ],
  "id": "CVE-2004-0106",
  "lastModified": "2024-11-20T23:47:46.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110979666528890\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-07-04 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
Impacted products
Vendor Product Version
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE887A26-0590-40DE-ACE2-28A30E5228AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack."
    }
  ],
  "id": "CVE-2001-1086",
  "lastModified": "2024-11-20T23:36:50.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-07-04T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/195008"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/194907"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/2985"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/195008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/194907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/2985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6808"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-04-16 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
Impacted products
Vendor Product Version
xfree86_project x11r6 3.3.6
xfree86_project x11r6 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0946A224-6A0C-4DE3-89F9-200682431737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter."
    }
  ],
  "id": "CVE-2000-0285",
  "lastModified": "2024-11-20T23:32:09.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-04-16T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1306"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
References
cve@mitre.orgftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
cve@mitre.orghttp://marc.info/?l=bugtraq&m=106229335312429&w=2
cve@mitre.orghttp://secunia.com/advisories/24168
cve@mitre.orghttp://secunia.com/advisories/24247
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
cve@mitre.orghttp://www.debian.org/security/2003/dsa-380Patch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2003:089
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-286.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-287.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-288.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-289.html
cve@mitre.orghttp://www.securityfocus.com/bid/8514Patch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0589
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=106229335312429&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24168
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24247
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-380Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2003:089
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-286.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-287.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-288.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-289.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/8514Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0589
Impacted products
Vendor Product Version
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
netbsd netbsd 1.5
netbsd netbsd 1.5.1
netbsd netbsd 1.5.2
netbsd netbsd 1.5.3
netbsd netbsd 1.6
netbsd netbsd 1.6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "249FA642-3732-4654-88CB-3F1D19A5860A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks."
    }
  ],
  "id": "CVE-2003-0730",
  "lastModified": "2024-11-20T23:45:23.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24247"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2003/dsa-380"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8514"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106229335312429\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2003/dsa-380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-286.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-287.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-288.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-289.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-06-01 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
Impacted products
Vendor Product Version
michael_jennings eterm 0.8.10
putty putty 0.48
rxvt rxvt 2.6.1
xfree86_project x11r6 3.3.3
xfree86_project x11r6 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33FE201-759E-4EE4-B19E-A25E6FBD711B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized."
    }
  ],
  "id": "CVE-2000-0476",
  "lastModified": "2024-11-20T23:32:35.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-06-01T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1298"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A000C67-7EA3-47A7-9068-1C8744C182D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EDDB93-DD20-4DBE-962B-6334D5A7CB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*",
              "matchCriteriaId": "F4B7E143-E24B-40D2-897B-6D516566B7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)."
    },
    {
      "lang": "es",
      "value": "XFree86 4.1.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante un \u00edndice de un array fuera de l\u00edmites cuando usa la extenesi\u00f3n GLX y la infraestructura Direct Rendering"
    }
  ],
  "id": "CVE-2004-0093",
  "lastModified": "2024-11-20T23:47:45.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-15T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9701"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15272"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-07-11 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
Impacted products
Vendor Product Version
xfree86_project x11r6 3.3.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FF2D1C-D328-49BE-87CF-938FB533180B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable."
    }
  ],
  "id": "CVE-2001-1178",
  "lastModified": "2024-11-20T23:37:04.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-07-11T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3030"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6853"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}