Description
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
Product(s):
- Lesstif Lesstif 0.93.94
- SGI ProPack 3.0
- X.Org X11R6 6.7.0
- X.Org X11R6 6.8.1
- X.Org X11R6 6.8
- XFree86 Project X11R6 3.3.2
- XFree86 Project X11R6 3.3.3
- XFree86 Project X11R6 3.3.4
- XFree86 Project X11R6 3.3.5
- XFree86 Project X11R6 3.3.6
- XFree86 Project X11R6 3.3
- XFree86 Project X11R6 4.0.1
- XFree86 Project X11R6 4.0.2.11
- XFree86 Project X11R6 4.0.3
- XFree86 Project X11R6 4.0
- XFree86 Project X11R6 4.1.0
- XFree86 Project X11R6 4.1.11
- XFree86 Project X11R6 4.1.12
- XFree86 Project X11R6 4.2.0
- XFree86 Project X11R6 4.2.1
- XFree86 Project X11R6 4.2.1 Errata
- XFree86 Project X11R6 4.3.0.1
- XFree86 Project X11R6 4.3.0.2
- XFree86 Project X11R6 4.3.0
- ALT Linux 2.3 Compact Edition
- ALT Linux 2.3 Junior Edition
- MandrakeSoft Mandrake Linux 10.0
- Mandrakesoft Mandrake Linux 10.0 on AMD64
- MandrakeSoft Mandrake Linux 10.1
- Mandrakesoft Mandrake Linux 10.1 on x86_64
- MandrakeSoft Mandrake Linux 10.2
- Mandrakesoft Mandrake Linux 10.2 on x86_64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- Mandrakesoft Mandrake Linux Corporate Server 2.1 on x86_64
- MandrakeSoft Mandrake Corporate Server 3.0
- Mandrakesoft Mandrake Linux Corporate Server 3.0 on x86_64
- Red Hat Enterprise Linux 3.0 Advanced Server Edition
- Red Hat Enterprise Linux 3.0 Enterprise Server Edition
- Red Hat Enterprise Linux 3.0 Workstation Server Edition
- Red Hat Enterprise Linux 4.0 Advanced Server
- Red Hat Enterprise Linux 4.0 Enterprise Server
- Red Hat Enterprise Linux 4.0 Workstation
- Red Hat Desktop 3.0
- Red Hat Desktop 4.0
- Red Hat Fedora Core Core 2.0
- Red Hat Fedora Core Core 3.0
- SuSE SuSE Linux 6.1
- SuSE SuSE Linux 6.1 alpha
- SuSE SuSE Linux 6.2
- SuSE SuSE Linux 6.3
- SUSE Linux 6.3 on PPC
- SuSE SuSE Linux 6.3 alpha
- SuSE SuSE Linux 6.4
- SUSE Linux 6.4 on i386
- SUSE Linux 6.4 on PPC
- SuSE SuSE Linux 6.4 alpha
- SuSE SuSE Linux 7.0
- SUSE Linux 7.0 on i386
- SUSE Linux 7.0 on PPC
- SUSE Linux 7.0 on SPARC
- SuSE SuSE Linux 7.0 alpha
- SuSE SuSE Linux 7.1
- SUSE Linux 7.1
- SUSE Linux 7.1 on SPARC
- SUSE Linux 7.1 on x86
- SuSE SuSE Linux 7.1 alpha
- SuSE SuSE Linux 7.2
- SUSE Linux 7.2 on i386
- SuSE SuSE Linux 7.3
- SUSE Linux 7.3 on i386
- SUSE Linux 7.3 on PPC
- SUSE Linux 7.3 on SPARC
- SuSE SuSE Linux 8.0
- SUSE Linux 8.0 on i386
- SuSE SuSE Linux 8.0 alpha
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SuSE SuSE Linux 9.0
- Suse Suse Linux 9.0 Enterprise Server Edition
- SUSE Linux 9.0 x86_64
- SuSE SuSE Linux 9.1
- SUSE Linux 9.1 on x86_64
- SuSE SuSE Linux 9.2
- SUSE Linux 9.2 on x86_64
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0605, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0605 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.