CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Published: Mar 1, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0990
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gd_graphics_library / gdlib	2.0.26	2.0.26.x
gd_graphics_library / gdlib	2.0.15	2.0.15.x
openpkg / openpkg	2.1	2.1.x
gd_graphics_library / gdlib	2.0.22	2.0.22.x
openpkg / openpkg	current	current.x
gd_graphics_library / gdlib	2.0.23	2.0.23.x
gd_graphics_library / gdlib	2.0.27	2.0.27.x
gd_graphics_library / gdlib	2.0.20	2.0.20.x
gd_graphics_library / gdlib	1.8.4	1.8.4.x
openpkg / openpkg	2.2	2.2.x
gd_graphics_library / gdlib	2.0.1	2.0.1.x
gd_graphics_library / gdlib	2.0.21	2.0.21.x
gd_graphics_library / gdlib	2.0.28	2.0.28.x
trustix / secure_linux	2.0	2.0.x
suse / suse_linux	9.2	9.2.x
suse / suse_linux	9.0	9.0.x
suse / suse_linux	8.2	8.2.x
suse / suse_linux	8.0	8.0.x
trustix / secure_linux	1.5	1.5.x
suse / suse_linux	9.1	9.1.x
trustix / secure_linux	2.1	2.1.x
trustix / secure_linux	2.2	2.2.x
gentoo / linux	-	-
suse / suse_linux	8.1	8.1.x

Vulnerability Database

289,599

CVE-2004-0990