Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0994
Last Modified 10 Sep 2008 03:28:32
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0994

Summary

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

Application

  • Xzgv Image Viewer 0.6

  • Xzgv Image Viewer 0.7

  • Xzgv Image Viewer 0.8

  • Zgv Image Viewer 5.5

  • Zgv Image Viewer 5.6

  • Zgv Image Viewer 5.7

  • Zgv Image Viewer 5.8


References

XF - xzgv-readprffile-bo(18454)

DEBIAN - DSA-614

CONFIRM - http://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diff

IDEFENSE - 20041213 Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability


Last Updated: 27 May 2016 10:38:50