Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0990
Last Modified: 21 Aug 2010 12:21:36
Published: 01 Mar 2005 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0990

Summary

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Vulnerable Systems

Operating System

  • Gentoo Linux

  • Suse Linux 8.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

Application

  • Gd Graphics Library Gdlib 1.8.4

  • Gd Graphics Library Gdlib 2.0.1

  • Gd Graphics Library Gdlib 2.0.15

  • Gd Graphics Library Gdlib 2.0.20

  • Gd Graphics Library Gdlib 2.0.21

  • Gd Graphics Library Gdlib 2.0.22

  • Gd Graphics Library Gdlib 2.0.23

  • Gd Graphics Library Gdlib 2.0.26

  • Gd Graphics Library Gdlib 2.0.27

  • Gd Graphics Library Gdlib 2.0.28

  • Openpkg 2.1

  • Openpkg 2.2

  • Openpkg Current


References

BID - 11523

XF - gd-png-bo(17866)

TRUSTIX - 2004-0058

OSVDB - 11190

DEBIAN - DSA-602

DEBIAN - DSA-601

DEBIAN - DSA-591

DEBIAN - DSA-589

BUGTRAQ - 20041026 libgd integer overflow

CONFIRM - https://issues.rpath.com/browse/RPL-939

REDHAT - RHSA-2004:638

MANDRIVA - MDKSA-2006:122

MANDRIVA - MDKSA-2006:114

MANDRIVA - MDKSA-2006:113

MANDRAKE - MDKSA-2004:132

CIAC - P-071

SECUNIA - 23783

SECUNIA - 21050

SECUNIA - 20866

SECUNIA - 20824

SECUNIA - 18717

UBUNTU - USN-25-1

UBUNTU - USN-11-1

SUSE - SUSE-SR:2006:003


Last Updated: 27 May 2016 10:38:50