CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.132 Low
Percentile: 95.5%
CentOS Errata and Security Advisory CESA-2006:0194
The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.
Several buffer overflow flaws were found in the way gd allocates memory.
An attacker could create a carefully crafted image that could execute
arbitrary code if opened by a victim using a program linked against the gd
library. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2004-0941 to these issues.
Users of gd should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-February/074767.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074768.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074769.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074770.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074771.html
Affected packages:
gd
gd-devel
gd-progs
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0194
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | gd | < 2.0.28-4.4E.1 | gd-2.0.28-4.4E.1.ia64.rpm |
CentOS | 4 | ia64 | gd-devel | < 2.0.28-4.4E.1 | gd-devel-2.0.28-4.4E.1.ia64.rpm |
CentOS | 4 | ia64 | gd-progs | < 2.0.28-4.4E.1 | gd-progs-2.0.28-4.4E.1.ia64.rpm |
CentOS | 4 | alpha | gd | < 2.0.28-4.4E.1 | gd-2.0.28-4.4E.1.alpha.rpm |
CentOS | 4 | alpha | gd-devel | < 2.0.28-4.4E.1 | gd-devel-2.0.28-4.4E.1.alpha.rpm |
CentOS | 4 | alpha | gd-progs | < 2.0.28-4.4E.1 | gd-progs-2.0.28-4.4E.1.alpha.rpm |
CentOS | 4 | s390 | gd | < 2.0.28-4.4E.1 | gd-2.0.28-4.4E.1.s390.rpm |
CentOS | 4 | s390 | gd-devel | < 2.0.28-4.4E.1 | gd-devel-2.0.28-4.4E.1.s390.rpm |
CentOS | 4 | s390 | gd-progs | < 2.0.28-4.4E.1 | gd-progs-2.0.28-4.4E.1.s390.rpm |
CentOS | 4 | s390x | gd | < 2.0.28-4.4E.1 | gd-2.0.28-4.4E.1.s390x.rpm |