CVE-2004-0990

GD Graphics Library - Local Heap Overflow

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Wait.. No.. what is this? Even more potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589 and DSA 601. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-10-26 First Exploit
2004-10-27 CVE Reserved
2004-10-28 CVE Published
2024-08-08 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (29)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=109882489302099&w=2	Mailing List
http://secunia.com/advisories/18717	Third Party Advisory
http://secunia.com/advisories/20824	Third Party Advisory
http://secunia.com/advisories/20866	Third Party Advisory
http://secunia.com/advisories/21050	Third Party Advisory
http://secunia.com/advisories/23783	Third Party Advisory
http://www.ciac.org/ciac/bulletins/p-071.shtml	Government Resource
http://www.osvdb.org/11190	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/17866	Vdb Entry
https://issues.rpath.com/browse/RPL-939	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/600	2004-10-26

URL	Date	SRC
http://www.securityfocus.com/bid/11523	2017-10-11

URL	Date	SRC
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html	2017-10-11
http://www.debian.org/security/2004/dsa-589	2017-10-11
http://www.debian.org/security/2004/dsa-591	2017-10-11
http://www.debian.org/security/2004/dsa-601	2017-10-11
http://www.debian.org/security/2004/dsa-602	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2004:132	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122	2017-10-11
http://www.redhat.com/support/errata/RHSA-2004-638.html	2017-10-11
http://www.trustix.org/errata/2004/0058	2017-10-11
https://www.ubuntu.com/usn/usn-11-1	2017-10-11
https://www.ubuntu.com/usn/usn-25-1	2017-10-11
https://access.redhat.com/security/cve/CVE-2004-0990	2004-12-17
https://bugzilla.redhat.com/show_bug.cgi?id=1617343	2004-12-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				1.8.4 Search vendor "Gd Graphics Library" for product "Gdlib" and version "1.8.4"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.1 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.1"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.15 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.15"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.20 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.20"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.21 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.21"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.22 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.22"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.23 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.23"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.26 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.26"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.27 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.27"		-		Affected
Gd Graphics Library Search vendor "Gd Graphics Library"		Gdlib Search vendor "Gd Graphics Library" for product "Gdlib"				2.0.28 Search vendor "Gd Graphics Library" for product "Gdlib" and version "2.0.28"		-		Affected
Openpkg Search vendor "Openpkg"		Openpkg Search vendor "Openpkg" for product "Openpkg"				2.1 Search vendor "Openpkg" for product "Openpkg" and version "2.1"		-		Affected
Openpkg Search vendor "Openpkg"		Openpkg Search vendor "Openpkg" for product "Openpkg"				2.2 Search vendor "Openpkg" for product "Openpkg" and version "2.2"		-		Affected
Openpkg Search vendor "Openpkg"		Openpkg Search vendor "Openpkg" for product "Openpkg"				current Search vendor "Openpkg" for product "Openpkg" and version "current"		-		Affected
Gentoo Search vendor "Gentoo"		Linux Search vendor "Gentoo" for product "Linux"				*		-		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				8.0 Search vendor "Suse" for product "Suse Linux" and version "8.0"		-		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				8.1 Search vendor "Suse" for product "Suse Linux" and version "8.1"		-		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				8.2 Search vendor "Suse" for product "Suse Linux" and version "8.2"		-		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				9.0 Search vendor "Suse" for product "Suse Linux" and version "9.0"		-		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				9.0 Search vendor "Suse" for product "Suse Linux" and version "9.0"		x86_64		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				9.1 Search vendor "Suse" for product "Suse Linux" and version "9.1"		-		Affected
Suse Search vendor "Suse"		Suse Linux Search vendor "Suse" for product "Suse Linux"				9.2 Search vendor "Suse" for product "Suse Linux" and version "9.2"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				1.5 Search vendor "Trustix" for product "Secure Linux" and version "1.5"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				2.0 Search vendor "Trustix" for product "Secure Linux" and version "2.0"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				2.1 Search vendor "Trustix" for product "Secure Linux" and version "2.1"		-		Affected
Trustix Search vendor "Trustix"		Secure Linux Search vendor "Trustix" for product "Secure Linux"				2.2 Search vendor "Trustix" for product "Secure Linux" and version "2.2"		-		Affected