CVE-2004-0688

Impact: Moderate
Public Date: 2004-09-15
Bugzilla: 430515: CVE-2004-0688 openmotif21 stack overflows in libxpm

The MITRE CVE dictionary describes this issue as:

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Find out more about CVE-2004-0688 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux version 3 (XFree86) | RHSA-2004:478 | 2004-10-04
Red Hat Enterprise Linux version 3 | RHSA-2004:537 | 2004-12-02
Red Hat Enterprise Linux version 2.1 (lesstif) | RHSA-2005:004 | 2005-01-12
Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30
Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30
Red Hat Enterprise Linux version 2.1 (openmotif) | RHSA-2004:537 | 2004-12-02
Red Hat Enterprise Linux version 2.1 (XFree86) | RHSA-2004:479 | 2004-10-06

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux version 3 | openmotif 2.2.3-4.RHEL3.4 | Fixed
Red Hat Enterprise Linux version 3 | openmotif21 2.1.30-9.RHEL3.4 | Fixed