PT-2004-3706 · Debian+1 · Lesstif-Doc+6

Chris Evans · Published 1970-01-01 · Updated 2018-10-19 · CVE-2004-0688

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

lesstif-dev (affected versions not specified)
lesstif-bin (affected versions not specified)
lesstif1 (affected versions not specified)
lesstif-dbg (affected versions not specified)
lesstif-doc (affected versions not specified)
libXpm versions prior to 6.8.1

Description

The issue involves multiple vulnerabilities in the lesstif package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, there are integer overflows in functions such as xpmParseColors, XpmCreateImageFromXpmImage, CreateXImage, ParsePixels, and ParseAndPutPixels in libXpm before version 6.8.1, allowing remote attackers to execute arbitrary code via a malformed XPM image file.

Recommendations

For lesstif-dev, lesstif-bin, lesstif1, lesstif-dbg, and lesstif-doc, update to a version that includes the fix for these vulnerabilities. For libXpm, update to version 6.8.1 or later to resolve the integer overflow issues in functions like xpmParseColors and XpmCreateImageFromXpmImage. At the moment, there is no information about a newer version that contains a fix for the lesstif package vulnerabilities.

Fix


Related Identifiers

BDU:2015-03068
BDU:2015-03069
BDU:2015-03070
BDU:2015-03071
BDU:2015-03072
CVE-2004-0688
DSA-560-1
DSA-561-1
HPSBUX02119
RHSA-2004:478
RHSA-2004:537
RHSA-2008:0524

Affected Products

HP-UX
lesstif-bin
lesstif-dbg
lesstif-dev
lesstif-doc
lesstif1
libXpm