Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0990

14 documents9 sources
Severity
10.0CRITICAL
EPSS
21.2%
top 4.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
GD Graphics Library GdlibOpenpkg OpenpkgSuse Suse Linux+1 more
Timeline
PublishedMar 1
Latest updateApr 29

Description

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

Debianlibgd2< 2.0.30-1+3
NVDgd_graphics_library/gdlib10 versions+9
NVDopenpkg/openpkg2.1, 2.2, current+2
NVDsuse/suse_linux6 versions+5
NVDtrustix/secure_linux4 versions+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-23x9-mmjc-x474: Integer overflow in GD Graphics Library libgd 22022-04-29
OSV
CVE-2004-0990: Integer overflow in GD Graphics Library libgd 22005-03-01
CVEList
CVE-2004-0990: Integer overflow in GD Graphics Library libgd 22004-10-28

💥Exploits & PoCs

1
Exploit-DB
GD Graphics Library - Local Heap Overflow2004-10-26

📋Vendor Advisories

5
Ubuntu
libgd vulnerabilities2004-11-10
Red Hat
gd: additional overflows2004-11-10
Ubuntu
libgd2 vulnerabilities2004-10-29
Red Hat
security flaw2004-10-26
Debian
CVE-2004-0990: libgd2 - Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly othe...2004

💬Community

4
Bugzilla
CVE-2004-0990 security flaw2018-08-16
Bugzilla
CVE-2004-0941 additional overflows in gd [FC5test2]2006-01-16
Bugzilla
CVE-2004-0941 gd: additional overflows2005-12-09
Bugzilla
CVE-2004-0941 additional overflows in gd2005-12-09