Search for vulnerabilities
Vulnerability details: VCID-9xc2-fhm4-aaaq
Vulnerability ID VCID-9xc2-fhm4-aaaq
Aliases CVE-2004-0990
Summary Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2004:638
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.21652 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.23553 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.23553 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.23553 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.24871 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
epss 0.36679 https://api.first.org/data/v1/epss?cve=CVE-2004-0990
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1617343
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2004-0990
Reference id Reference type URL
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
http://marc.info/?l=bugtraq&m=109882489302099&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0990.json
https://api.first.org/data/v1/epss?cve=CVE-2004-0990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0990
http://secunia.com/advisories/18717
http://secunia.com/advisories/20824
http://secunia.com/advisories/20866
http://secunia.com/advisories/21050
http://secunia.com/advisories/23783
https://exchange.xforce.ibmcloud.com/vulnerabilities/17866
https://issues.rpath.com/browse/RPL-939
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952
https://www.ubuntu.com/usn/usn-11-1/
https://www.ubuntu.com/usn/usn-25-1/
http://www.ciac.org/ciac/bulletins/p-071.shtml
http://www.debian.org/security/2004/dsa-589
http://www.debian.org/security/2004/dsa-591
http://www.debian.org/security/2004/dsa-601
http://www.debian.org/security/2004/dsa-602
http://www.mandriva.com/security/advisories?name=MDKSA-2004:132
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.osvdb.org/11190
http://www.redhat.com/support/errata/RHSA-2004-638.html
http://www.securityfocus.com/bid/11523
http://www.trustix.org/errata/2004/0058
1617343 https://bugzilla.redhat.com/show_bug.cgi?id=1617343
cpe:2.3:a:gd_graphics_library:gdlib:1.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
CVE-2004-0990 https://nvd.nist.gov/vuln/detail/CVE-2004-0990
OSVDB-11190;CVE-2004-0990 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/600.c
RHSA-2004:638 https://access.redhat.com/errata/RHSA-2004:638
USN-11-1 https://usn.ubuntu.com/11-1/
USN-21-1 https://usn.ubuntu.com/21-1/
Data source Exploit-DB
Date added Oct. 25, 2004
Description GD Graphics Library - Local Heap Overflow
Ransomware campaign use Known
Source publication date Oct. 26, 2004
Exploit type local
Platform linux
Source update date April 12, 2016
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2004-0990
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.96574
EPSS Score 0.21652
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.