FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gd -- integer overflow

Affected packages
gd < 2.0.29,1
1.*,2 < gd < 2.*,2
ja-gd < 2.0.29,1
1.*,2 < ja-gd < 2.*,2
uk-gd < 2.0.29,1
1.*,2 < uk-gd < 2.*,2


VuXML ID 62239968-2f2a-11d9-a9e7-0001020eed82
Discovery 2004-10-26
Entry 2004-11-05

infamous41md reports about the GD Graphics Library:

There is an integer overflow when allocating memory in the routine that handles loading PNG image files. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image.


Bugtraq ID 11523
CVE Name CVE-2004-0990