Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2004-0990
HistoryMar 01, 2005 - 5:00 a.m.

CVE-2004-0990

2005-03-0105:00:00
[email protected]
web.nvd.nist.gov
36
cve-2004-0990
gd graphics library
libgd
integer overflow
remote attackers
denial of service
arbitrary code
png
image files
heap-based buffer overflow

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.217 Low

EPSS

Percentile

96.5%

JSON

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Affected configurations

NVD
Node
gd_graphics_librarygdlibMatch1.8.4
OR
gd_graphics_librarygdlibMatch2.0.1
OR
gd_graphics_librarygdlibMatch2.0.15
OR
gd_graphics_librarygdlibMatch2.0.20
OR
gd_graphics_librarygdlibMatch2.0.21
OR
gd_graphics_librarygdlibMatch2.0.22
OR
gd_graphics_librarygdlibMatch2.0.23
OR
gd_graphics_librarygdlibMatch2.0.26
OR
gd_graphics_librarygdlibMatch2.0.27
OR
gd_graphics_librarygdlibMatch2.0.28
OR
openpkgopenpkgMatch2.1
OR
openpkgopenpkgMatch2.2
OR
openpkgopenpkgMatchcurrent
Node
gentoolinux
OR
susesuse_linuxMatch8.0
OR
susesuse_linuxMatch8.1
OR
susesuse_linuxMatch8.2
OR
susesuse_linuxMatch9.0
OR
susesuse_linuxMatch9.0x86_64
OR
susesuse_linuxMatch9.1
OR
susesuse_linuxMatch9.2
OR
trustixsecure_linuxMatch1.5
OR
trustixsecure_linuxMatch2.0
OR
trustixsecure_linuxMatch2.1
OR
trustixsecure_linuxMatch2.2

References

Related

ubuntucve 3
openvas 19
debiancve 2
ubuntu 4
cvelist 2
nessus 26
redhat 2
debian 8
osv 4
nvd 2
cve 1
centos 2
gentoo 1
freebsd 2
checkpoint_advisories 1
securityvulns 2
slackware 1
ubuntucve
ubuntucve
CVE-2004-0941
2005-02-09 00:00:00
CVE-2004-0990
2005-03-01 00:00:00
CVE-2007-3473
2007-06-28 00:00:00
openvas
openvas
FreeBSD Ports: gd, uk-gd, ja-gd
2008-09-04 00:00:00
Debian Security Advisory DSA 601-1 (libgd1)
2008-01-17 00:00:00
FreeBSD Ports: gd, uk-gd, ja-gd
2008-09-04 00:00:00
debiancve
debiancve
CVE-2004-0990
2005-03-01 05:00:00
CVE-2004-0941
2005-02-09 05:00:00
ubuntu
ubuntu
libgd vulnerabilities
2004-11-30 00:00:00
libgd2 vulnerability
2004-11-16 00:00:00
libgd vulnerabilities
2004-11-10 00:00:00
cvelist
cvelist
CVE-2004-0941
2004-11-19 05:00:00
CVE-2004-0990
2004-10-28 04:00:00
nessus
nessus
Fedora Core 2 : gd-2.0.21-5.20.1 (2004-411)
2004-11-17 00:00:00
RHEL 2.1 / 3 : gd (RHSA-2004:638)
2004-12-17 00:00:00
CentOS 3 : gd (CESA-2004:638)
2006-07-03 00:00:00
redhat
redhat
(RHSA-2004:638) gd security update
2004-12-16 00:00:00
(RHSA-2006:0194) gd security update
2006-02-01 00:00:00
debian
debian
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution
2004-11-29 15:57:41
[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution
2004-11-29 14:32:29
[SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution
2004-11-09 14:59:22
osv
osv
libgd2 - integer overlow
2004-11-29 00:00:00
libgd1 - integer overflow
2004-11-29 00:00:00
libgd - integer overflows
2004-11-09 00:00:00
nvd
nvd
CVE-2004-0990
2005-03-01 05:00:00
CVE-2004-0941
2005-02-09 05:00:00
cve
cve
CVE-2004-0941
2005-02-09 05:00:00
centos
centos
gd security update
2005-05-27 13:29:15
gd security update
2006-02-01 19:06:04
gentoo
gentoo
GD: Integer overflow
2004-11-03 00:00:00
freebsd
freebsd
gd -- integer overflow
2004-10-26 00:00:00
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
checkpoint_advisories
checkpoint_advisories
GD Graphics Library PNG Buffer Overflow (CVE-2004-0941)
2015-01-08 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability
2006-06-28 00:00:00
[Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities
2006-06-28 00:00:00
slackware
slackware
[slackware-security] libwmf
2018-05-01 01:19:49

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.217 Low

EPSS

Percentile

96.5%

JSON
Related for CVE-2004-0990
ubuntucve3openvas19debiancve2ubuntu4cvelist2nessus26redhat2debian8osv4nvd2cve1centos2gentoo1freebsd2checkpoint_advisories1securityvulns2slackware1