1. Home
  2. CVE Database
  3. CVE-2004-0990
HIGH · 10.0

CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files...

Vulnerability Description

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
Gd Graphics LibraryGdlib1.8.4
OpenpkgOpenpkg2.1
GentooLinuxAll versions
SuseSuse Linux8.0
TrustixSecure Linux1.5

References

FAQ

What is CVE-2004-0990?

CVE-2004-0990 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files...

How severe is CVE-2004-0990?

CVE-2004-0990 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0990?

Check the references section above for vendor advisories and patch information. Affected products include: Gd Graphics Library Gdlib, Openpkg Openpkg, Gentoo Linux, Suse Suse Linux, Trustix Secure Linux.