CVE-2004-0941

critical

Description

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

References

https://www.ubuntu.com/usn/usn-33-1/

https://www.ubuntu.com/usn/usn-25-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176

https://exchange.xforce.ibmcloud.com/vulnerabilities/18048

http://www.trustix.org/errata/2004/0058

http://www.securityfocus.com/bid/11663

http://www.redhat.com/support/errata/RHSA-2006-0194.html

http://www.redhat.com/support/errata/RHSA-2004-638.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

http://www.mandriva.com/security/advisories?name=MDKSA-2006:114

http://www.mandriva.com/security/advisories?name=MDKSA-2006:113

http://www.debian.org/security/2004/dsa-601

http://www.ciac.org/ciac/bulletins/p-071.shtml

http://secunia.com/advisories/21050

http://secunia.com/advisories/20824

http://secunia.com/advisories/18686

http://secunia.com/advisories/13179/

Details

Source: Mitre, NVD

Published: 2005-02-09

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04872