cve-2004-0914
Vulnerability from cvelistv5
Published
2004-12-15 05:00
Modified
2024-08-08 00:31
Severity ?
Summary
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
References
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2004-537.html
cve@mitre.orghttp://secunia.com/advisories/13224/Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2004/dsa-607Patch, Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
cve@mitre.orghttp://www.linuxsecurity.com/content/view/106877/102/
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:137
cve@mitre.orghttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-610.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-004.html
cve@mitre.orghttp://www.securityfocus.com/bid/11694Patch, Vendor Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-83-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-83-2
cve@mitre.orghttp://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
cve@mitre.orghttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18142
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18144
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18145
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18146
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18147
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2004-537.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13224/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-607Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/content/view/106877/102/
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-610.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-004.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-83-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-83-2
af854a3a-2127-422b-91ae-364da2661108http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:48.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
          },
          {
            "name": "libxpm-directory-traversal(18146)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
          },
          {
            "name": "USN-83-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-83-1"
          },
          {
            "name": "RHSA-2004:537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
          },
          {
            "name": "libxpm-image-bo(18142)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
          },
          {
            "name": "13224",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13224/"
          },
          {
            "name": "oval:org.mitre.oval:def:9943",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
          },
          {
            "name": "FEDORA-2004-433",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/content/view/106877/102/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
          },
          {
            "name": "RHSA-2004:610",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
          },
          {
            "name": "libxpm-improper-memory-access(18144)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
          },
          {
            "name": "GLSA-200502-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
          },
          {
            "name": "FLSA-2006:152803",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
          },
          {
            "name": "DSA-607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-607"
          },
          {
            "name": "11694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11694"
          },
          {
            "name": "GLSA-200502-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
          },
          {
            "name": "USN-83-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-83-2"
          },
          {
            "name": "HPSBTU01228",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
          },
          {
            "name": "MDKSA-2004:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
          },
          {
            "name": "GLSA-200411-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
          },
          {
            "name": "libxpm-dos(18147)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
          },
          {
            "name": "libxpm-command-execution(18145)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2005:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
        },
        {
          "name": "libxpm-directory-traversal(18146)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
        },
        {
          "name": "USN-83-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-83-1"
        },
        {
          "name": "RHSA-2004:537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
        },
        {
          "name": "libxpm-image-bo(18142)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
        },
        {
          "name": "13224",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13224/"
        },
        {
          "name": "oval:org.mitre.oval:def:9943",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
        },
        {
          "name": "FEDORA-2004-433",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.linuxsecurity.com/content/view/106877/102/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
        },
        {
          "name": "RHSA-2004:610",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
        },
        {
          "name": "libxpm-improper-memory-access(18144)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
        },
        {
          "name": "GLSA-200502-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
        },
        {
          "name": "FLSA-2006:152803",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
        },
        {
          "name": "DSA-607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-607"
        },
        {
          "name": "11694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11694"
        },
        {
          "name": "GLSA-200502-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
        },
        {
          "name": "USN-83-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-83-2"
        },
        {
          "name": "HPSBTU01228",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
        },
        {
          "name": "MDKSA-2004:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
        },
        {
          "name": "GLSA-200411-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
        },
        {
          "name": "libxpm-dos(18147)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
        },
        {
          "name": "libxpm-command-execution(18145)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2005:004",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
            },
            {
              "name": "libxpm-directory-traversal(18146)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
            },
            {
              "name": "USN-83-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-83-1"
            },
            {
              "name": "RHSA-2004:537",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
            },
            {
              "name": "libxpm-image-bo(18142)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
            },
            {
              "name": "13224",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13224/"
            },
            {
              "name": "oval:org.mitre.oval:def:9943",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
            },
            {
              "name": "FEDORA-2004-433",
              "refsource": "FEDORA",
              "url": "http://www.linuxsecurity.com/content/view/106877/102/"
            },
            {
              "name": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch",
              "refsource": "CONFIRM",
              "url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
            },
            {
              "name": "RHSA-2004:610",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
            },
            {
              "name": "libxpm-improper-memory-access(18144)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
            },
            {
              "name": "GLSA-200502-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
            },
            {
              "name": "FLSA-2006:152803",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
            },
            {
              "name": "DSA-607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-607"
            },
            {
              "name": "11694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11694"
            },
            {
              "name": "GLSA-200502-06",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
            },
            {
              "name": "USN-83-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-83-2"
            },
            {
              "name": "HPSBTU01228",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
            },
            {
              "name": "MDKSA-2004:137",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
            },
            {
              "name": "GLSA-200411-28",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
            },
            {
              "name": "libxpm-dos(18147)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
            },
            {
              "name": "libxpm-command-execution(18145)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0914",
    "datePublished": "2004-12-15T05:00:00",
    "dateReserved": "2004-09-27T00:00:00",
    "dateUpdated": "2024-08-08T00:31:48.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-0914\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-01-10T05:00:00.000\",\"lastModified\":\"2024-11-20T23:49:40.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades en libXpm 6.8.1 y anteriores, usada en XFree86 y otros paquetes, incluyendo\\r\\n(1) m\u00faltiples desbordamientos de enteros,\\r\\n(2) accesos de memoria fuera de l\u00edmites,\\r\\n(3) atravesamiento de directorios,\\r\\n(4) metacaract\u00e9res de shell,\\r\\n(5) bucles infinitos, y\\r\\n(6) filtraciones de memoria\\r\\npodr\u00edan permitir a atacantes remotos obtener informaci\u00f3n sensible, causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante un cierto fichero de imagen XPM.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC8ECE7C-01E7-42C2-B8D0-20A3F0FF6202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B420D2-2684-4956-9AB2-36A2337F08F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617462F8-47C2-418D-ABC3-B72509A65D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184385E0-A3A7-4877-BC7B-0AAC48FA197A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"069774CF-5CD4-4787-A066-5C9054FDCED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD3BF142-D7F7-491D-9175-DC61889237DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C1FC296-553B-460E-88FD-86C530086382\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63A4B331-2868-46E3-9734-DC3AEFD2F756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BCCBDBC-FBBD-414E-A4D8-D3C4220E8A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76FFBC43-2178-48DF-B61E-CCBA4682AC5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F506308-E878-4AA5-B5D5-A7E148D63947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D129D08C-AF18-4F9D-9781-64B8C1CFD65E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE887A26-0590-40DE-ACE2-28A30E5228AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23FF2D1C-D328-49BE-87CF-938FB533180B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEECB0ED-A5C9-4675-9CEB-AD6C19EDA7D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43D5F86-97B2-4175-8ED7-1F937850F9DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0946A224-6A0C-4DE3-89F9-200682431737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F33E5444-E178-4F49-BDA1-DE576D8526EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BCC09AA-AB01-4583-8052-66DBF0E1861D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E49FAA6-E146-4AD5-845E-9445C7D9F088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43425C85-806B-4823-AD74-D0A0465FC8DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90FA67D9-8296-4534-8354-51B830DE3499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A000C67-7EA3-47A7-9068-1C8744C182D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25EDDB93-DD20-4DBE-962B-6334D5A7CB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AC4F566-5D54-4364-B5AA-F846A0C8FCEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9D1BD9-4300-43B5-A87B-E2BF74E55C87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*\",\"matchCriteriaId\":\"F4B7E143-E24B-40D2-897B-6D516566B7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"837EBF15-6C7D-46B8-8A90-9DFBF2C09FF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"647BA336-5538-4972-9271-383A0EC9378E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6996B14-925B-46B8-982F-3545328B506B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC80CF67-C51D-442C-9526-CFEDE84A6304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*\",\"matchCriteriaId\":\"C7EAAD04-D7C4-43DE-B488-1AAD014B503E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*\",\"matchCriteriaId\":\"D2E2EF3C-1379-4CBE-8FF5-DACD47834651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8C55338-3372-413F-82E3-E1B476D6F41A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0E2D3B-B50A-46C2-BA1E-3E014DE91954\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*\",\"matchCriteriaId\":\"F7446746-87B7-4BD3-AABF-1E0FAA8265AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFABFCE5-4F86-4AE8-9849-BC360AC72098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2004-537.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/13224/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2004/dsa-607\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.linuxsecurity.com/content/view/106877/102/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:137\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-610.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11694\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-83-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-83-2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18142\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18144\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18145\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18146\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18147\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2004-537.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/13224/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2004/dsa-607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.linuxsecurity.com/content/view/106877/102/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-610.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-83-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-83-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\",\"lastModified\":\"2007-03-14T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.