CVE-2004-0687

Name of the Vulnerable Software and Affected Versions lesstif-dev (affected versions not specified) lesstif-bin (affected versions not specified) lesstif1 (affected versions not specified) lesstif-dbg (affected versions not specified) lesstif-doc (affected versions not specified) libXpm versions prior to 6.8.1

Description The issue concerns multiple vulnerabilities in the lesstif package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, multiple stack-based buffer overflows in libXpm before version 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. The vulnerabilities are found in functions such as xpmParseColors in parse.c, ParseAndPutPixels in create.c, and ParsePixels in parse.c.

Recommendations For lesstif-dev, update to a version that includes the fix for this issue. For lesstif-bin, update to a version that includes the fix for this issue. For lesstif1, update to a version that includes the fix for this issue. For lesstif-dbg, update to a version that includes the fix for this issue. For lesstif-doc, update to a version that includes the fix for this issue. For libXpm, update to version 6.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions xpmParseColors, ParseAndPutPixels, and ParsePixels until a patch is available.