CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1917

HIGH
7.5
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile4.37th
PublishedApr 8, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.

Affected Platforms (CPE)

πŸ“¦
Lcdproc

Lcdproc

= 0.3
πŸ“¦
Lcdproc

Lcdproc

= 0.4
πŸ“¦
Lcdproc

Lcdproc

= 0.4.1_r1
πŸ“¦
Lcdproc

Lcdproc

= 4.0
πŸ“¦
Lcdproc

Lcdproc

= 4.1
πŸ“¦
Lcdproc

Lcdproc

= 4.2
πŸ“¦
Lcdproc

Lcdproc

= 4.3
πŸ“¦
Lcdproc

Lcdproc

= 4.4

References & Advisories

πŸ”— http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
πŸ”— http://marc.info/?l=bugtraq&m=108146376315229&w=2
πŸ”— http://secunia.com/advisories/11333
πŸ”— http://security.gentoo.org/glsa/glsa-200404-19.xml
πŸ”— http://www.securityfocus.com/bid/10085
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15817
πŸ”— http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
πŸ”— http://marc.info/?l=bugtraq&m=108146376315229&w=2

Related Vulnerabilities

CVE-2000-029510.0

Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.

CVE-2004-19157.5

Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrar...

CVE-2004-19167.5

Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbi...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...