The remote host is missing an update to libgd announced via advisory DSA 589-1. The GD graphics library had several integer overflows in the PNG image decoding routines
Reporter | Title | Published | Views | Family All 68 |
---|---|---|---|---|
![]() | Ubuntu 4.10 : libgd vulnerabilities (USN-21-1) | 15 Jan 200600:00 | – | nessus |
![]() | Ubuntu 4.10 : libgd2 vulnerabilities (USN-11-1) | 15 Jan 200600:00 | – | nessus |
![]() | GLSA-200411-08 : GD: Integer overflow | 4 Nov 200400:00 | – | nessus |
![]() | FreeBSD : gd -- integer overflow (62239968-2f2a-11d9-a9e7-0001020eed82) | 23 Apr 200900:00 | – | nessus |
![]() | Debian DSA-589-1 : libgd1 - integer overflows | 10 Nov 200400:00 | – | nessus |
![]() | FreeBSD : gd -- integer overflow (55) | 23 Nov 200400:00 | – | nessus |
![]() | Debian DSA-591-1 : libgd2 - integer overflows | 10 Nov 200400:00 | – | nessus |
![]() | RHEL 2.1 / 3 : gd (RHSA-2004:638) | 17 Dec 200400:00 | – | nessus |
![]() | Fedora Core 2 : gd-2.0.21-5.20.1 (2004-411) | 17 Nov 200400:00 | – | nessus |
![]() | CentOS 3 : gd (CESA-2004:638) | 3 Jul 200600:00 | – | nessus |
Source | Link |
---|---|
securityfocus | www.securityfocus.com/bid/11523 |
secure1 | www.secure1.securityspace.com/smysecure/catid.html |
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53713");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2004-0990");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian Security Advisory DSA 589-1 (libgd)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20589-1");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11523");
script_tag(name:"insight", value:"infamous41md discovered several integer overflows in the PNG image
decoding routines of the GD graphics library. This could lead to the
execution of arbitrary code on the victim's machine.
For the stable distribution (woody) these problems have been fixed in
version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
libgd2.
For the unstable distribution (sid) these problems will be fixed soon.");
script_tag(name:"solution", value:"We recommend that you upgrade your libgd1 packages.");
script_tag(name:"summary", value:"The remote host is missing an update to libgd
announced via advisory DSA 589-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"libgd-dev", ver:"1.8.4-17.woody3", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libgd-noxpm-dev", ver:"1.8.4-17.woody3", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libgd1", ver:"1.8.4-17.woody3", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libgd1-noxpm", ver:"1.8.4-17.woody3", rls:"DEB3.0")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo