Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:638
HistoryDec 16, 2004 - 12:00 a.m.

(RHSA-2004:638) gd security update

2004-12-1600:00:00
access.redhat.com
10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.217 Low

EPSS

Percentile

96.0%

JSON

The gd packages contain a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a way that
it could cause ImageMagick to execute arbitrary code when processing the
image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0990 to these issues.

While researching the fixes to these overflows, additional buffer overflows
were discovered in calls to gdMalloc. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941 to
these issues.

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.

Related

openvas 19
debiancve 2
ubuntu 4
nessus 23
osv 4
ubuntucve 3
centos 2
cve 2
debian 8
gentoo 1
freebsd 2
checkpoint_advisories 1
redhat 1
securityvulns 2
slackware 1
openvas
openvas
FreeBSD Ports: gd, uk-gd, ja-gd
2008-09-04 00:00:00
Debian Security Advisory DSA 601-1 (libgd1)
2008-01-17 00:00:00
Debian Security Advisory DSA 602-1 (libgd2)
2008-01-17 00:00:00
debiancve
debiancve
CVE-2004-0941
2005-02-09 05:00:00
CVE-2004-0990
2005-03-01 05:00:00
ubuntu
ubuntu
libgd vulnerabilities
2004-11-30 00:00:00
libgd2 vulnerability
2004-11-16 00:00:00
libgd2 vulnerabilities
2004-10-29 00:00:00
nessus
nessus
Ubuntu 4.10 : libgd2 vulnerability (USN-25-1)
2006-01-15 00:00:00
Debian DSA-602-1 : libgd2 - integer overflow
2004-11-30 00:00:00
RHEL 2.1 / 3 : gd (RHSA-2004:638)
2004-12-17 00:00:00
osv
osv
libgd1 - integer overflow
2004-11-29 00:00:00
libgd2 - integer overlow
2004-11-29 00:00:00
libgd2 - integer overflows
2004-11-09 00:00:00
ubuntucve
ubuntucve
CVE-2004-0990
2005-03-01 00:00:00
CVE-2004-0941
2005-02-09 00:00:00
CVE-2007-3473
2007-06-28 00:00:00
centos
centos
gd security update
2005-05-27 13:29:15
gd security update
2006-02-01 19:06:04
cve
cve
CVE-2004-0990
2005-03-01 05:00:00
CVE-2004-0941
2005-02-09 05:00:00
debian
debian
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution
2004-11-29 15:57:41
[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution
2004-11-29 14:32:29
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution
2004-11-29 15:57:41
gentoo
gentoo
GD: Integer overflow
2004-11-03 00:00:00
freebsd
freebsd
gd -- integer overflow
2004-10-26 00:00:00
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
checkpoint_advisories
checkpoint_advisories
GD Graphics Library PNG Buffer Overflow (CVE-2004-0941)
2015-01-08 00:00:00
redhat
redhat
(RHSA-2006:0194) gd security update
2006-02-01 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability
2006-06-28 00:00:00
[Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities
2006-06-28 00:00:00
slackware
slackware
[slackware-security] libwmf
2018-05-01 01:19:49

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.217 Low

EPSS

Percentile

96.0%

JSON
Related for RHSA-2004:638
openvas19debiancve2ubuntu4nessus23osv4ubuntucve3centos2cve2debian8gentoo1freebsd2checkpoint_advisories1redhat1securityvulns2slackware1