CVE-2004-0941
Published: 2005-02-09
CVE-2004-0941: Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files…
Priority: P339 · critical · 10 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 10.69% (95.3rd percentile)
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
Affected
26 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.0.30-1 (bookworm) | libgd2 2.0.30-1 (bookworm) |
| debian | libgd2 | < libgd2 2.0.33-1.1 (bookworm) | libgd2 2.0.33-1.1 (bookworm) |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| gd_graphics_library | gdlib | — | — |
| openpkg | openpkg | — | — |
| openpkg | openpkg | — | — |
| openpkg | openpkg | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |
Ubuntu · vendor_ubuntu · 2004-11-30
CVE-2004-0941: libgd vulnerabilities
CAN-2004-0990 described several buffer overflows which had been
discovered in libgd's PNG handling functions. Another update is
required because the update from USN-21-1 was not sufficient to
prevent every possible attack.
If an attacker tricks a user into loading a malicious PNG or XPM
image, they could leverage this into executing arbitrary code in the
context of the user opening the image.
This vulnerability might lead to privilege escalation in customized
systems that use server applications which link libgd. However, Warty
does not ship such server applications (PHP in Warty uses libgd2 which
was already fixed in USN-25-1).
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu · vendor_ubuntu · 2004-11-16
CVE-2004-0941: libgd2 vulnerability
CAN-2004-0990 described several more buffer overflows which had been
discovered in libgd2's PNG handling functions. However, it was
determined that the update from USN-11-1 was not sufficient to prevent
every possible attack, so another update is required.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening the image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP-driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat · vendor_redhat · 2004-11-10 · CVSS 10.0 [CRITICAL]
CVE-2004-0941: gd: additional overflows
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Package: libwmf (Red Hat Enterprise Linux 4) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 5) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 6) - Will not fix
Red Hat · vendor_redhat · 2004-10-26 · CVSS 10.0 [CRITICAL]
CVE-2004-0990: security flaw
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
Debian · vendor_debian · 2004 · CVSS 10.0 [CRITICAL]
CVE-2004-0990: libgd2
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
Scope: local
bookworm: resolved (fixed in 2.0.30-1)
bullseye: resolved (fixed in 2.0.30-1)
forky: resolved (fixed in 2.0.30-1)
sid: resolved (fixed in 2.0.30-1)
trixie: resolved (fixed in 2.0.30-1)
Debian · vendor_debian · 2004 · CVSS 10.0 [CRITICAL]
CVE-2004-0941: libgd2
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
Scope: local
bookworm: resolved (fixed in 2.0.33-1.1)
bullseye: resolved (fixed in 2.0.33-1.1)
forky: resolved (fixed in 2.0.33-1.1)
sid: resolved (fixed in 2.0.33-1.1)
trixie: resolved (fixed in 2.0.33-1.1)
GHSA · ghsa_unreviewed · 2022-04-29 · CVSS 10.0 [CRITICAL]
GHSA-23x9-mmjc-x474 (CVE-2004-0990): Integer overflow in GD Graphics Library libgd 2
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
GHSA · ghsa_unreviewed · 2022-04-29 · CVSS 10.0 [CRITICAL]
GHSA-5jw2-pr8r-5fc7 (CVE-2004-0941): Multiple buffer overflows in the gd graphics library (libgd) 2
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
OSV · osv · 2005-03-01 · CVSS 10.0 [CRITICAL]
CVE-2004-0990: Integer overflow in GD Graphics Library libgd 2
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
OSV · osv · 2005-02-09 · CVSS 10.0 [CRITICAL]
CVE-2004-0941: Multiple buffer overflows in the gd graphics library (libgd) 2
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
No detection rules found.
No public exploits indexed.
Bugzilla · bugzilla · 2018-08-16 · CVSS 10.0 [CRITICAL]
CVE-2004-0990 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
Bugzilla · bugzilla · 2006-01-16 · CVSS 10.0 [CRITICAL]
CVE-2004-0941 additional overflows in gd [FC5test2]
+++ This bug was initially created as a clone of Bug #175414 +++
Whilst creating a patch for CVE-2004-0990, Phil Knirsch discovered
additional buffer overflows in the gd package. These new overflows
affect calls to gdMalloc.
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=106484
See attachment which gives complete patch for both CVE-2004-0990 and
CVE-2004-0941; note that the CVE-2004-0990 parts are fixed in FC5test2, but
the gdxpm.c fixes are missing.
Bugzilla · bugzilla · 2005-12-09 · CVSS 10.0 [CRITICAL]
CVE-2004-0941 gd: additional overflows
+++ This bug was initially created as a clone of Bug #138808 +++
Whilst creating a patch for CVE-2004-0990, Phil Knirsch discovered
additional buffer overflows in the gd package. These new overflows
affect calls to gdMalloc.
-- Additional comment from [email protected] on 2004-11-11 05:47 EST --
Created an attachment (id=106484)
Patch for CVE-2004-0990 and CVE-2004-0941
Please note that CVE-2004-0990 does not affect RHEL4
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not wo
Bugzilla · bugzilla · 2005-12-09 · CVSS 10.0 [CRITICAL]
CVE-2004-0941 additional overflows in gd
+++ This bug was initially created as a clone of Bug #175413 +++
Whilst creating a patch for CVE-2004-0990, Phil Knirsch discovered
additional buffer overflows in the gd package. These new overflows
affect calls to gdMalloc.
-- Additional comment from [email protected] on 2004-11-11 05:47 EST --
Created an attachment (id=106484)
Patch for CVE-2004-0990 and CVE-2004-0941
Please note that CVE-2004-0990 does not affect FC4
Discussion:
Created attachment 123564
gd-2.0.33-CVE-2004-0941.patch
I have forward-ported the patch from #138808 to 2.0.33, but it looks different
from the patch in development.
Please, could you review? See attachment.
Bugzilla · bugzilla · 2004-11-08 [MEDIUM]
CAN-2004-0941,0990 GD Overflow Vulnerabilities
This vulnerability was reported to bugtraq.
http://marc.theaimsgroup.com/?l=bugtraq&m=109882489302099&w=2
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Summary:
There is an integer overflow when allocating memory in the routine that handles
loading PNG image files. This later leads to heap data structures being
overwritten. If an attacker tricked a user into loading a malicious PNG image,
they could leverage this into executing arbitrary code in the context of the
user opening the image. Many programs use GD, such as ImageMagick, and more
importantly it is also the image library used for PHP, and there is a Perl
module as well. One possible target would be PHP-driven photo websites that
let users upload image
References
http://secunia.com/advisories/13179/
http://secunia.com/advisories/18686
http://secunia.com/advisories/20824
http://secunia.com/advisories/21050
http://www.ciac.org/ciac/bulletins/p-071.shtml
http://www.debian.org/security/2004/dsa-601
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.redhat.com/support/errata/RHSA-2004-638.html
http://www.redhat.com/support/errata/RHSA-2006-0194.html
http://www.securityfocus.com/bid/11663
http://www.trustix.org/errata/2004/0058
https://exchange.xforce.ibmcloud.com/vulnerabilities/18048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195
https://www.ubuntu.com/usn/usn-25-1/
https://www.ubuntu.com/usn/usn-33-1/