CVE-2004-1095

zgv 5.5 - Multiple Arbitrary Code Executions

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

Múltiples desbordamientos de enteros en

readbmp.c
readgif.c
readgif.c
readmrf.c
readpcx.c
readpng.c
readpnm.c
readprf.c
readtiff.c
readxbm.c
readxpm.c

en zgv 5.8 permite a atacantes remotos ejecutar código de su elección mediante ciertas cabeceras de imágenes que hacen que algunos cálculos se desborden y se asignen pequeños búferes, lo que conduce a desbordamientos.
Nota: CAN-2004-0994 y CAN-2004-1095 identifican grupos de errores que solo se solapan parcialmente , a pesar de tener el mismo desarrollador. Por lo tanto, deberían considerarse distintos.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-10-28 First Exploit
2004-11-30 CVE Reserved
2004-12-01 CVE Published
2023-11-08 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (8)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=109886210702781&w=2	Mailing List
http://marc.info/?l=bugtraq&m=109898111915661&w=2	Mailing List
http://www.svgalib.org/rus/zgv	X_refsource_confirm
http://www.svgalib.org/rus/zgv/zgv-5.8-integer-overflow-fix.diff	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/17871	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/609	2004-10-28

URL	Date	SRC
http://www.securityfocus.com/bid/11556	2017-07-11

URL	Date	SRC
http://www.gentoo.org/security/en/glsa/glsa-200411-12.xml	2017-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zgv Search vendor "Zgv"		Xzgv Image Viewer Search vendor "Zgv" for product "Xzgv Image Viewer"				0.6 Search vendor "Zgv" for product "Xzgv Image Viewer" and version "0.6"		-		Affected
Zgv Search vendor "Zgv"		Xzgv Image Viewer Search vendor "Zgv" for product "Xzgv Image Viewer"				0.7 Search vendor "Zgv" for product "Xzgv Image Viewer" and version "0.7"		-		Affected
Zgv Search vendor "Zgv"		Xzgv Image Viewer Search vendor "Zgv" for product "Xzgv Image Viewer"				0.8 Search vendor "Zgv" for product "Xzgv Image Viewer" and version "0.8"		-		Affected
Zgv Search vendor "Zgv"		Zgv Image Viewer Search vendor "Zgv" for product "Zgv Image Viewer"				5.5 Search vendor "Zgv" for product "Zgv Image Viewer" and version "5.5"		-		Affected
Zgv Search vendor "Zgv"		Zgv Image Viewer Search vendor "Zgv" for product "Zgv Image Viewer"				5.6 Search vendor "Zgv" for product "Zgv Image Viewer" and version "5.6"		-		Affected
Zgv Search vendor "Zgv"		Zgv Image Viewer Search vendor "Zgv" for product "Zgv Image Viewer"				5.7 Search vendor "Zgv" for product "Zgv Image Viewer" and version "5.7"		-		Affected
Zgv Search vendor "Zgv"		Zgv Image Viewer Search vendor "Zgv" for product "Zgv Image Viewer"				5.8 Search vendor "Zgv" for product "Zgv Image Viewer" and version "5.8"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		alpha		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		arm		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		hppa		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ia-32		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ia-64		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		m68k		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		mips		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		mipsel		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		ppc		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		s-390		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0"		sparc		Affected