CVE-2004-0990

Published: Mar 1, 2005Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Affected (25)

Products: Gd Graphics Library: Gdlib · Openpkg: Openpkg · Gentoo: Linux · +2 more

Show all products

Gd Graphics Library: Gdlib · Openpkg: Openpkg · Gentoo: Linux · Suse: Suse Linux · Trustix: Secure Linux

Gd Graphics Library

1 product

1 product

1 product

1 product

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Gd Graphics Library Gdlib	Version 1.8.4
Gd Graphics Library Gdlib	Version 2.0.15
Gd Graphics Library Gdlib	Version 2.0.1
Gd Graphics Library Gdlib	Version 2.0.20
Gd Graphics Library Gdlib	Version 2.0.21
Gd Graphics Library Gdlib	Version 2.0.22
Gd Graphics Library Gdlib	Version 2.0.23
Gd Graphics Library Gdlib	Version 2.0.26
Gd Graphics Library Gdlib	Version 2.0.27
Gd Graphics Library Gdlib	Version 2.0.28
Openpkg Openpkg	Version 2.1
Openpkg Openpkg	Version 2.2
Openpkg Openpkg	Version current

Configuration B

12 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	All versions
Suse Suse Linux	Version 8.0
Suse Suse Linux	Version 8.1
Suse Suse Linux	Version 8.2
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.1
Suse Suse Linux	Version 9.2
Trustix Secure Linux	Version 1.5
Trustix Secure Linux	Version 2.0
Trustix Secure Linux	Version 2.1
Trustix Secure Linux	Version 2.2

References (52)

http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109882489302099&w=2

Source: cve@mitre.org

http://secunia.com/advisories/18717

Source: cve@mitre.org

http://secunia.com/advisories/20824

Source: cve@mitre.org

http://secunia.com/advisories/20866

Source: cve@mitre.org

http://secunia.com/advisories/21050

Source: cve@mitre.org

http://secunia.com/advisories/23783

Source: cve@mitre.org

http://www.ciac.org/ciac/bulletins/p-071.shtml

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-589

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-591

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-601

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-602

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2004:132

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:113

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:114

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

Source: cve@mitre.org

http://www.osvdb.org/11190

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-638.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/11523

Source: cve@mitre.org

PatchVendor Advisory

http://www.trustix.org/errata/2004/0058

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17866

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-939

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952

Source: cve@mitre.org

https://www.ubuntu.com/usn/usn-11-1/

Source: cve@mitre.org

https://www.ubuntu.com/usn/usn-25-1/

Source: cve@mitre.org

http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=109882489302099&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/18717

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20824

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20866

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21050

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/23783

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ciac.org/ciac/bulletins/p-071.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-589

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-591

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-601

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-602

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2004:132

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:113

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/11190

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-638.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11523

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.trustix.org/errata/2004/0058

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/17866

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-939

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.ubuntu.com/usn/usn-11-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.ubuntu.com/usn/usn-25-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.