CVE-2004-0941

Published: 09/02/2005 Updated: 03/05/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and previous versions may allow remote malicious users to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

Vulnerable Product

gd graphics library gdlib 2.0.22

gd graphics library gdlib 2.0.23

gd graphics library gdlib 2.0.26

gd graphics library gdlib 1.8.4

gd graphics library gdlib 2.0.1

gd graphics library gdlib 2.0.33

gd graphics library gdlib 2.0.27

gd graphics library gdlib 2.0.28

gd graphics library gdlib 2.0.20

gd graphics library gdlib 2.0.21

trustix secure linux 2.1

trustix secure linux 2.2

trustix secure linux 1.5

trustix secure linux 2.0

Vendor Advisories

Synopsis: gd security update. Type/Severity: Security Advisory: Important. Topic: Updated gd packages that fix security issues with overflow in various memory allocation calls are now available. [Updated 24 May 2005] Multilib packages have been added to this advisory. Description: The gd packages con ...
CAN-2004-0990 described several more buffer overflows which had been discovered in libgd2’s PNG handling functions. However, it was determined that the update from USN-11-1 was not sufficient to prevent every possible attack, so another update is required ...
CAN-2004-0990 described several buffer overflows which had been discovered in libgd’s PNG handling functions. Another update is required because the update from USN-21-1 was not sufficient to prevent every possible attack ...
More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 591. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine. For the stable distribution (woody) these problems have been fixed in version 201-10wo ...
More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine. For the stable distribution (woody) these problems have been fixed in version 184-17w ...