FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0990

This CVE name corresponds to:

Entered Topic
2004-11-05 gd -- integer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0990
Phase Assigned(20041027)

Description

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

References

Source Reference
BUGTRAQ 20041026 libgd integer overflow
CONFIRM https://issues.rpath.com/browse/RPL-939
DEBIAN DSA-589
DEBIAN DSA-591
DEBIAN DSA-601
DEBIAN DSA-602
MANDRAKE MDKSA-2004:132
MANDRIVA MDKSA-2006:113
MANDRIVA MDKSA-2006:114
MANDRIVA MDKSA-2006:122
REDHAT RHSA-2004:638
SUSE SUSE-SR:2006:003
TRUSTIX 2004-0058
UBUNTU USN-11-1
UBUNTU USN-25-1
CIAC P-071
BID 11523
OSVDB 11190
OVAL oval:org.mitre.oval:def:1260
OVAL oval:org.mitre.oval:def:9952
SECUNIA 18717
SECUNIA 20866
SECUNIA 20824
SECUNIA 21050
SECUNIA 23783
XF gd-png-bo(17866)