PublicDate: 2005-01-10 05:00:00 UTC
Candidate: CVE-2004-0914
References:
 https://ubuntu.com/security/notices/USN-83-2
 https://ubuntu.com/security/notices/USN-83-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0914
Description:
 Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in
 XFree86 and other packages, include (1) multiple integer overflows, (2)
 out-of-bounds memory accesses, (3) directory traversal, (4) shell
 metacharacter, (5) endless loops, and (6) memory leaks, which could allow
 remote attackers to obtain sensitive information, cause a denial of service
 (application crash), or execute arbitrary code via a certain XPM image
 file. NOTE: it is highly likely that this candidate will be SPLIT into
 other candidates in the future, per CVE's content decisions.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_openmotif: released (2.2.3-1.2ubuntu2)
edgy_openmotif: released (2.2.3-1.2ubuntu2)
feisty_openmotif: released (2.2.3-1.2ubuntu2)
devel_openmotif: released (2.2.3-1.2ubuntu2)
dapper_xorg: not-affected
edgy_xorg: not-affected
feisty_xorg: not-affected
devel_xorg: not-affected
dapper_lesstif1-1: released (0.93.94-12)
edgy_lesstif1-1: released (0.93.94-12)
feisty_lesstif1-1: DNE
devel_lesstif1-1: DNE
dapper_lesstif2: released (0.94.4-1)
edgy_lesstif2: released (0.94.4-1)
feisty_lesstif2: released (0.94.4-1)
devel_lesstif2: released (0.94.4-1)
upstream_lesstif1-1: needs-triage
upstream_lesstif2: needs-triage
upstream_openmotif: needs-triage
upstream_xorg: needs-triage