CVE-2004-0941
Summary
| CVE | CVE-2004-0941 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-02-09 05:00:00 UTC |
| Updated | 2018-05-03 01:29:00 UTC |
| Description | Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gd Graphics Library | Gdlib | 1.8.4 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.1 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.20 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.21 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.22 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.23 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.26 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.27 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.28 | All | All | All |
| Application | Gd Graphics Library | Gdlib | 2.0.33 | All | All | All |
| Operating System | Trustix | Secure Linux | 1.5 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.0 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.1 | All | All | All |
| Operating System | Trustix | Secure Linux | 2.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Advisories - Mandriva Linux OS | MANDRIVA | www.mandriva.com | |
| usn/usn-25-1 - Ubuntu Linux | UBUNTU | www.ubuntu.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Red Hat update for gd - Advisories - Secunia | SECUNIA | secunia.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| P-071: Updated "gd" Packages | CIAC | www.ciac.org | |
| Secunia - Advisories - Mandriva update for libwmf | SECUNIA | secunia.com | |
| GD Graphics Library Multiple Unspecified Remote Buffer overflow Vulnerabilities | BID | www.securityfocus.com | Patch, Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| usn/usn-33-1 - Ubuntu Linux | UBUNTU | www.ubuntu.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Secunia - Advisories - GD Graphics Library Unspecified Buffer Overflow Vulnerabilities | SECUNIA | secunia.com | |
| Mandriva update for php - Advisories - Secunia | SECUNIA | secunia.com | |
| Support | REDHAT | www.redhat.com | |
| 2004-0058 | TRUSTIX | www.trustix.org | Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-601-1 libgd | DEBIAN | www.debian.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-03-14 | Mark J Cox | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
There are currently no legacy QID mappings associated with this CVE.