CVE-2004-0994
published 2005-01-10CVE-2004-0994: Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which…
PriorityP334critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.15%
91.4th percentile
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | xzgv | < xzgv 0.8-3 (bookworm) | xzgv 0.8-3 (bookworm) |
| zgv | xzgv_image_viewer | — | — |
| zgv | xzgv_image_viewer | — | — |
| zgv | xzgv_image_viewer | — | — |
| zgv | xzgv_image_viewer | >= 0 < 0.8-3 | 0.8-3 |
| zgv | xzgv_image_viewer | >= 0 < 0.8-3 | 0.8-3 |
| zgv | xzgv_image_viewer | >= 0 < 0.8-3 | 0.8-3 |
| zgv | zgv_image_viewer | — | — |
| zgv | zgv_image_viewer | — | — |
| zgv | zgv_image_viewer | — | — |
| zgv | zgv_image_viewer | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4j57-jr5f-ppvg: Multiple integer overflows in (1) readbmp
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-1095 [CRITICAL] GHSA-4j57-jr5f-ppvg: Multiple integer overflows in (1) readbmp
Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
GHSA
GHSA-74wh-7854-hjwj: Multiple integer overflows in xzgv 0
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0994 [CRITICAL] GHSA-74wh-7854-hjwj: Multiple integer overflows in xzgv 0
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
OSV
CVE-2004-0994: Multiple integer overflows in xzgv 0
osv·2005-01-10·CVSS 10.0
CVE-2004-0994 [CRITICAL] CVE-2004-0994: Multiple integer overflows in xzgv 0
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
Debian
CVE-2004-0994: xzgv - Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to exe...
vendor_debian·2004·CVSS 10.0
CVE-2004-0994 [CRITICAL] CVE-2004-0994: xzgv - Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to exe...
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
Scope: local
bookworm: resolved (fixed in 0.8-3)
bullseye: resolved (fixed in 0.8-3)
sid: resolved (fixed in 0.8-3)
trixie: resolved (fixed in 0.8-3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110297198402077&w=2http://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diffhttp://www.debian.org/security/2004/dsa-614https://exchange.xforce.ibmcloud.com/vulnerabilities/18454http://marc.info/?l=bugtraq&m=110297198402077&w=2http://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diffhttp://www.debian.org/security/2004/dsa-614https://exchange.xforce.ibmcloud.com/vulnerabilities/18454
2005-01-10
Published