Fluid Attacks Database

Description

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libgd2	>=0 <2.0.33-1.1	2.0.33-1.1
debian 12	libgd2	>=0 <2.0.33-1.1	2.0.33-1.1
debian 14	libgd2	>=0 <2.0.33-1.1	2.0.33-1.1
rpm rhel6	libwmf	-	-
rpm rhel5	libwmf	-	-
debian 13	libgd2	>=0 <2.0.33-1.1	2.0.33-1.1

Aliases

1. CVE-2004-09412. NVD-2004-09413. OSV-DEBIAN-2004-09414. OSV-2004-09415. SECURITY-TRACKER-CVE-2004-0941

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.