10029 : libXpm xpmParseColors Function XPMv2/3 Parsing Stack Overflow
Printer | http://osvdb.org/10029 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
5	1110	over 8 years ago	about 5 years ago	0 times	90%

Timeline

Disclosure Date
2004-09-15

Description

A local overflow exists in libXpm. The xpmParseColors function fails to validate user-supplied XPMv2/3 image files resulting in a stack overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Upgrade to version 6.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

X.Org Foundation	libXpm	6.1
		6.3
		6.4
		6.5.1
		6.6
		6.7
		6.8.0

References

Related OSVDB ID: 10026 10027 10028 10030 10031 10032 10033 10034 10035
Secunia Advisory ID: 12549 12553 12554 12574 12579 12583 12652 12653 12727 12763 12777 12781 12782 13098 13347 13350 13351 13353 13835 14156 14301 15227 16601 20235
Bugtraq ID: 13480
ISS X-Force ID: 17414
CVE ID: 2004-0687 (see also: NVD)
CERT VU: 882750
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000924
http://docs.info.apple.com/article.html?artnum=301528
http://rhn.redhat.com/errata/RHSA-2004-537.html
http://scary.beasts.org/security/CESA-2004-003.txt
http://security.gentoo.org/glsa/glsa-200410-09.xml
http://security.gentoo.org/glsa/glsa-200502-07.xml
http://sourceforge.net/mailarchive/forum.php?thread_id=5594360&forum_id=30340
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.debian.org/security/2004/dsa-560
http://www.debian.org/security/2004/dsa-561
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.ics.com/developers/index.php?cont=xpm_security_alert
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:098
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:099
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:124
http://www.suse.de/de/security/2004_34_xfree86_libs_xshared.html
http://www.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00600177
Vendor URL: http://www.x.org/
RedHat RHSA: RHSA-2004:478 RHSA-2005:004-12

Tools & Filters

	14754 14755 14775 15426 15440 15635 15658 15659 15943 16144 18189 19161 20642
	2878

Credit

Chris Evans - chrisscary.beasts.org -

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.