CVE-2004-0688

Publication date 20 October 2004

Last updated 24 July 2024

Ubuntu priority

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
lesstif1-1	7.04 feisty	Not in release
	6.10 edgy	Fixed 0.93.94-12
	6.06 LTS dapper	Fixed 0.93.94-12
lesstif2	7.04 feisty	Fixed 0.94.4-1
	6.10 edgy	Fixed 0.94.4-1
	6.06 LTS dapper	Fixed 0.94.4-1
openmotif	7.04 feisty	Fixed 2.2.3-1.2ubuntu2
	6.10 edgy	Fixed 2.2.3-1.2ubuntu2
	6.06 LTS dapper	Fixed 2.2.3-1.2ubuntu2
xorg	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-27-1
libxpm4 vulnerability
18 November 2004

Other references

https://www.cve.org/CVERecord?id=CVE-2004-0688