[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255227

 
 

909

 
 

198741

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0990Date: (C)2005-03-01   (M)2023-12-22


Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
OSVDB-11190
BID-11523
SECUNIA-18717
2004-0058
http://marc.info/?l=bugtraq&m=109882489302099&w=2
SECUNIA-20824
SECUNIA-20866
SECUNIA-21050
SECUNIA-23783
DSA-589
DSA-591
DSA-601
DSA-602
MDKSA-2004:132
MDKSA-2006:113
MDKSA-2006:114
MDKSA-2006:122
P-071
RHSA-2004:638
SUSE-SR:2006:003
USN-11-1
USN-25-1
gd-png-bo(17866)
https://issues.rpath.com/browse/RPL-939
oval:org.mitre.oval:def:1260
oval:org.mitre.oval:def:9952

CPE    13
cpe:/o:suse:suse_linux:9.2
cpe:/o:suse:suse_linux:9.0
cpe:/o:suse:suse_linux:8.1
cpe:/o:suse:suse_linux:9.1
...

© SecPod Technologies