FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xpm -- image decoding vulnerabilities

Affected packages
0 <= agenda-snow-libs
0 <= linux_base
0 <= mupad
0 <= open-motif-devel
0 <= zh-cle_base
libXpm < 3.5.1_1
XFree86-libraries < 4.4.0_1
xorg-libraries < 6.7.0_2
lesstif < 0.93.96,2
xpm < 3.4k_1
linux-openmotif < 2.2.4
open-motif < 2.2.3_1

Details

VuXML ID ef253f8b-0727-11d9-b45d-000c41e2cdad
Discovery 2004-09-15
Entry 2004-09-15
Modified 2005-01-03

Chris Evans discovered several vulnerabilities in the libXpm image decoder:

The X11R6.8.1 release announcement reads:

This version is purely a security release, addressing multiple integer and stack overflows in libXpm, the X Pixmap library; all known versions of X (both XFree86 and X.Org) are affected, so all users of X are strongly encouraged to upgrade.

[source]

References

CERT/CC Vulnerability Note 537878
CERT/CC Vulnerability Note 882750
CVE Name CVE-2004-0687
CVE Name CVE-2004-0688
URL http://freedesktop.org/pipermail/xorg/2004-September/003172.html
URL http://scary.beasts.org/security/CESA-2004-003.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.