CVE-2004-0817

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Affected (73)

Products: Conectiva: Linux · Enlightenment: Imlib, Imlib2 · Imagemagick: Imagemagick · +6 more

Show all products

1 product

2 products

1 product

1 product

Java Desktop System

2 products

Mandrake Linux Corporate Server

4 products

Enterprise Linux

Enterprise Linux Desktop

Linux Advanced Workstation

1 product

3 products

Turbolinux Desktop

Turbolinux Server

Turbolinux Workstation

1 product

Configuration A

37 vulnerable

Vulnerable Software	Affected Versions
Conectiva Linux	Version 10.0
Conectiva Linux	Version 9.0
Enlightenment Imlib	Version 1.9.10
Enlightenment Imlib	Version 1.9.11
Enlightenment Imlib	Version 1.9.12
Enlightenment Imlib	Version 1.9.13
Enlightenment Imlib	Version 1.9.14
Enlightenment Imlib	Version 1.9.1
Enlightenment Imlib	Version 1.9.2
Enlightenment Imlib	Version 1.9.3
Enlightenment Imlib	Version 1.9.4
Enlightenment Imlib	Version 1.9.5
Enlightenment Imlib	Version 1.9.6
Enlightenment Imlib	Version 1.9.7
Enlightenment Imlib	Version 1.9.8
Enlightenment Imlib	Version 1.9.9
Enlightenment Imlib	Version 1.9
Enlightenment Imlib2	Version 1.0.1
Enlightenment Imlib2	Version 1.0.2
Enlightenment Imlib2	Version 1.0.3
Enlightenment Imlib2	Version 1.0.4
Enlightenment Imlib2	Version 1.0.5
Enlightenment Imlib2	Version 1.0
Enlightenment Imlib2	Version 1.1.1
Enlightenment Imlib2	Version 1.1
Imagemagick Imagemagick	Version 5.3.3
Imagemagick Imagemagick	Version 5.4.3
Imagemagick Imagemagick	Version 5.4.4.5
Imagemagick Imagemagick	Version 5.4.7
Imagemagick Imagemagick	Version 5.4.8.2.1.1.0
Imagemagick Imagemagick	Version 5.4.8
Imagemagick Imagemagick	Version 5.5.3.2.1.2.0
Imagemagick Imagemagick	Version 5.5.6.0_2003-04-09
Imagemagick Imagemagick	Version 5.5.7
Imagemagick Imagemagick	Version 6.0.2
Sun Java Desktop System	Version 2.0
Sun Java Desktop System	Version 2003

Configuration B

36 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Fedora Core	Version core_1.0
Redhat Fedora Core	Version core_2.0
Redhat Fedora Core	Version core_3.0
Redhat Linux Advanced Workstation	Version 2.1
Redhat Linux Advanced Workstation	Version 2.1
Suse Suse Linux	Version 8.0
Suse Suse Linux	Version 8.0
Suse Suse Linux	Version 8.1
Suse Suse Linux	Version 8.2
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.1
Suse Suse Linux	Version 9.2
Turbolinux Turbolinux Desktop	Version 10.0
Turbolinux Turbolinux Server	Version 7.0
Turbolinux Turbolinux Server	Version 8.0
Turbolinux Turbolinux Workstation	Version 7.0
Turbolinux Turbolinux Workstation	Version 8.0
Ubuntu Ubuntu Linux	Version 4.1
Ubuntu Ubuntu Linux	Version 4.1

References (18)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870

Source: cve@mitre.org

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-548

Source: cve@mitre.org

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:089

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-465.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/11084

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/17182

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8843

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-548

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2004:089

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-465.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/11084

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/17182

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8843

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.