CVE-2004-0990

Name of the Vulnerable Software and Affected Versions GD Graphics Library version 2.0.28 libgd2 versions 1.8.4 and possibly other versions gd-devel versions 1.8.4 gd-progs versions 1.8.4 libgd1-noxpm versions 1.8.4 libgd1 versions 1.8.4 gd versions 1.8.4

Description The issue is related to multiple vulnerabilities in the GD Graphics Library, which can be exploited remotely. This can lead to a denial of service and potentially allow the execution of arbitrary code via PNG image files with large image rows values, causing a heap-based buffer overflow in the gdImageCreateFromPngCtx function. The vulnerabilities can also lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For version 2.0.28, consider updating to a newer version to mitigate the risk. For libgd2 versions 1.8.4, update to a newer version to resolve the issue. For gd-devel versions 1.8.4, update to a newer version to resolve the issue. For gd-progs versions 1.8.4, update to a newer version to resolve the issue. For libgd1-noxpm versions 1.8.4, update to a newer version to resolve the issue. For libgd1 versions 1.8.4, update to a newer version to resolve the issue. For gd versions 1.8.4, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the gdImageCreateFromPngCtx function until a patch is available.