VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Apr 16, 2026

CVE-2004-0914

CVE-2004-0914

Description

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Affected products

40
  • SUSE S.A./Linux8 versions
    cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • Lesstif/Lesstif9 versions
    cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
    • cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*
  • Xorg/X11r620 versions
    cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
    • cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
  • Gentoo/Linux
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • Red Hat/Fedora Core2 versions
    cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

22

News mentions

0

No linked articles in our index yet.