CVE-2004-0904

5 documents5 sources

Severity

10.0CRITICAL

EPSS

31.7%

top 3.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Conectiva Linux Mozilla Firefox Mozilla Mozilla +7 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

▶NVDmozilla/firefox5 versions+4

▶NVDmozilla/thunderbird5 versions+4

▶NVDmozilla/mozilla1.7, 1.7.1, 1.7.2+2

▶NVDredhat/linux7.3, 9.0+1

▶NVDconectiva/linux10.0, 9.0+1

Also affects: Enterprise Linux 2.1, 3.0

🔴Vulnerability Details

GHSA

GHSA-238r-rqpq-9cqf: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1↗2022-04-29

▶

CVEList

CVE-2004-0904: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1↗2004-09-24

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-08-27

▶

💬Community

Bugzilla

CVE-2004-0904 security flaw↗2018-08-16

▶