X11R6

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

Published: 2005-03-04T05:00:00.000Z
Updated: 2024-08-07T21:21:06.249Z

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Published: 2004-12-15T05:00:00.000Z
Updated: 2024-08-08T00:31:48.097Z

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

Published: 2004-09-24T04:00:00.000Z
Updated: 2024-08-08T00:24:27.110Z

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

Published: 2004-09-24T00:00:00.000Z
Updated: 2024-08-08T00:24:27.112Z

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.

Published: 2004-09-01T04:00:00.000Z
Updated: 2024-08-08T01:43:34.879Z

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Published: 2004-09-01T04:00:00.000Z
Updated: 2024-10-29T14:05:49.769Z

Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.

Published: 2002-02-02T05:00:00.000Z
Updated: 2024-08-08T04:37:07.098Z

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

Published: 2001-09-18T04:00:00.000Z
Updated: 2024-08-08T05:21:31.408Z

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

Published: 2001-05-07T04:00:00.000Z
Updated: 2024-08-08T05:21:31.029Z

xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.

Published: 2000-07-12T04:00:00.000Z
Updated: 2024-08-08T05:21:31.299Z

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

Published: 2000-07-12T04:00:00.000Z
Updated: 2024-08-08T05:21:29.681Z

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

Published: 2000-10-13T04:00:00.000Z
Updated: 2024-08-08T05:14:21.407Z