CVE-2004-0990 Common Vulnerabilities and Exposures

Upstream information

CVE-2004-0990 at MITRE

Description

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entries: 138007 [RESOLVED / FIXED], 62666 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SR:2006:003, published Fri, 03 Feb 2006 12:00:00 +0000

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 01:01:42 2013
CVE page last modified: Fri Dec 8 16:10:27 2023