MidnightBSD

Advisories for gd_graphics_library

CVE-2004-0941 HIGH

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gd_graphics_library gdlib 2.0.23
trustix secure_linux 2.0
gd_graphics_library gdlib 2.0.20
gd_graphics_library gdlib 2.0.1
gd_graphics_library gdlib 2.0.26
trustix secure_linux 2.1
gd_graphics_library gdlib 2.0.33
gd_graphics_library gdlib 2.0.27
gd_graphics_library gdlib 2.0.22
gd_graphics_library gdlib 1.8.4
gd_graphics_library gdlib 2.0.21
gd_graphics_library gdlib 2.0.28
trustix secure_linux 1.5
trustix secure_linux 2.2
CVE-2004-0990 HIGH

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gd_graphics_library gdlib 2.0.15
openpkg openpkg current
trustix secure_linux 2.0
gd_graphics_library gdlib 2.0.20
gentoo linux *
trustix secure_linux 2.1
gd_graphics_library gdlib 2.0.27
gd_graphics_library gdlib 2.0.21
openpkg openpkg 2.1
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.1
suse suse_linux 8.1
suse suse_linux 8.2
suse suse_linux 9.2
gd_graphics_library gdlib 2.0.26
suse suse_linux 9.0
suse suse_linux 9.1
gd_graphics_library gdlib 2.0.22
gd_graphics_library gdlib 1.8.4
gd_graphics_library gdlib 2.0.28
trustix secure_linux 1.5
suse suse_linux 8.0
openpkg openpkg 2.2
trustix secure_linux 2.2