CVE-2004-0688 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0688
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer en xpmParseColors en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código arbitrario mediante un fichero de imagen XPM malformado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=109530851323415&w=2 http://scary.beasts.org/security/CESA-2004-003.txt http://secunia.com/advisories/20235 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1 http://www.debian.org/security/2004/dsa-560 http: •
CVE-2004-0687 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0687
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código de su elección mediante una imagen XPM malformada. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=109530851323415&w=2 http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html http://scary.beasts.org/security/CESA-2004-003.txt http://secunia.com/advisories/20235 http://sunsolve.sun.com/search •
CVE-2004-0419
https://notcve.org/view.php?id=CVE-2004-0419
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. XDM en XFree86 abre una un socket TCP chooserFd incluso cuando DisplayManger.requestPort es 0, lo que podría permitir a atacantes remotos conectar al puerto, violando las restricciones pretendidas. • http://bugs.xfree86.org/show_bug.cgi?id=1376 http://secunia.com/advisories/12019 http://securitytracker.com/id?1010306 http://www.ciac.org/ciac/bulletins/p-001.shtml http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073 http://www.openbsd.org/errata.html#xdm http://www.redhat.com/support/errata/RHSA-2004-478.html http://www.securityfocus.com/bid/10423 https://bugzilla.redhat.com/bugz •
CVE-2004-0093
https://notcve.org/view.php?id=CVE-2004-0093
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). XFree86 4.1.0 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un índice de un array fuera de límites cuando usa la extenesión GLX y la infraestructura Direct Rendering • ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 http://www.debian.org/security/2004/dsa-443 http://www.redhat.com/support/errata/RHSA-2004-152.html http://www.securityfocus.com/bid/9701 https://exchange.xforce.ibmcloud.com/vulnerabilities/15272 https://access.redhat.com/security/cve/CVE-2004-0093 https://bugzilla.redhat.com/show_bug.cgi?id=1617146 •
CVE-2004-0094
https://notcve.org/view.php?id=CVE-2004-0094
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). Errores de falta de signo en enteros en XFree86 4.1.0 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario cuando se usa la extensión GLX y la infraestructura Direct Rendering • ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 http://www.debian.org/security/2004/dsa-443 http://www.redhat.com/support/errata/RHSA-2004-152.html http://www.securityfocus.com/bid/9701 https://exchange.xforce.ibmcloud.com/vulnerabilities/15273 https://access.redhat.com/security/cve/CVE-2004-0094 https://bugzilla.redhat.com/show_bug.cgi?id=1617147 •