What is CVE-2004-0990?

CVE-2004-0990 is a vulnerability in Gd_graphics_library Gdlib. Published 2005-03-01.

Is CVE-2004-0990 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gd_graphics_library Gdlib

CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead…

EPSS: 0.283 (97.9th percentile) — read the EPSS interpretation.

Affected products

Gd_graphics_library Gdlib — versions 1.8.4, 2.0.1, 2.0.15
Gentoo Linux
Openpkg — versions 2.1, 2.2, current
Trustix Secure_linux — versions 1.5, 2.0, 2.1
Suse Suse_linux — versions 8.0, 8.1, 8.2
N/a — versions n/a

Public proof-of-concept exploits

References

cve@mitre.org (government-resource, x_refsource_CIAC, third-party-advisory)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2004-0990?: CVE-2004-0990 is a vulnerability in Gd_graphics_library Gdlib. Published 2005-03-01.
Is CVE-2004-0990 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.