Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2004:638
HistoryMay 27, 2005 - 1:29 p.m.

gd security update

2005-05-2713:29:15
CentOS Project
lists.centos.org
68

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.217 Low

EPSS

Percentile

96.4%

JSON

CentOS Errata and Security Advisory CESA-2004:638

The gd packages contain a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a way that
it could cause ImageMagick to execute arbitrary code when processing the
image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0990 to these issues.

While researching the fixes to these overflows, additional buffer overflows
were discovered in calls to gdMalloc. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941 to
these issues.

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-May/073929.html
https://lists.centos.org/pipermail/centos-announce/2005-May/073930.html

Affected packages:
gd
gd-devel
gd-progs

Upstream details at:
https://access.redhat.com/errata/RHSA-2004:638

Related

openvas 19
debiancve 2
ubuntu 4
nessus 23
osv 4
ubuntucve 3
cve 2
debian 8
redhat 2
gentoo 1
freebsd 2
centos 1
checkpoint_advisories 1
securityvulns 2
slackware 1
openvas
openvas
FreeBSD Ports: gd, uk-gd, ja-gd
2008-09-04 00:00:00
Debian Security Advisory DSA 601-1 (libgd1)
2008-01-17 00:00:00
Debian Security Advisory DSA 602-1 (libgd2)
2008-01-17 00:00:00
debiancve
debiancve
CVE-2004-0941
2005-02-09 05:00:00
CVE-2004-0990
2005-03-01 05:00:00
ubuntu
ubuntu
libgd vulnerabilities
2004-11-30 00:00:00
libgd2 vulnerability
2004-11-16 00:00:00
libgd2 vulnerabilities
2004-10-29 00:00:00
nessus
nessus
Ubuntu 4.10 : libgd2 vulnerability (USN-25-1)
2006-01-15 00:00:00
Debian DSA-602-1 : libgd2 - integer overflow
2004-11-30 00:00:00
RHEL 2.1 / 3 : gd (RHSA-2004:638)
2004-12-17 00:00:00
osv
osv
libgd1 - integer overflow
2004-11-29 00:00:00
libgd2 - integer overlow
2004-11-29 00:00:00
libgd2 - integer overflows
2004-11-09 00:00:00
ubuntucve
ubuntucve
CVE-2004-0990
2005-03-01 00:00:00
CVE-2004-0941
2005-02-09 00:00:00
CVE-2007-3473
2007-06-28 00:00:00
cve
cve
CVE-2004-0990
2005-03-01 05:00:00
CVE-2004-0941
2005-02-09 05:00:00
debian
debian
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution
2004-11-29 15:57:41
[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution
2004-11-29 14:32:29
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution
2004-11-29 15:57:41
redhat
redhat
(RHSA-2004:638) gd security update
2004-12-16 00:00:00
(RHSA-2006:0194) gd security update
2006-02-01 00:00:00
gentoo
gentoo
GD: Integer overflow
2004-11-03 00:00:00
freebsd
freebsd
gd -- integer overflow
2004-10-26 00:00:00
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
centos
centos
gd security update
2006-02-01 19:06:04
checkpoint_advisories
checkpoint_advisories
GD Graphics Library PNG Buffer Overflow (CVE-2004-0941)
2015-01-08 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability
2006-06-28 00:00:00
[Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities
2006-06-28 00:00:00
slackware
slackware
[slackware-security] libwmf
2018-05-01 01:19:49

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.217 Low

EPSS

Percentile

96.4%

JSON
Related for CESA-2004:638
openvas19debiancve2ubuntu4nessus23osv4ubuntucve3cve2debian8redhat2gentoo1freebsd2centos1checkpoint_advisories1securityvulns2slackware1