CVE Vulnerabilities

CVE-2004-0994

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 10 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C)
RedHat/V2
RedHat/V3
Ubuntu: UNTRIAGED

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

Affected Software

Name                Vendor   Start Version     End Version
Xzgv_image_viewer   Zgv      0.6 (including)   0.6 (including)
Xzgv_image_viewer   Zgv      0.7 (including)   0.7 (including)
Xzgv_image_viewer   Zgv      0.8 (including)   0.8 (including)
Zgv_image_viewer    Zgv      5.5 (including)   5.5 (including)
Zgv_image_viewer    Zgv      5.6 (including)   5.6 (including)
Zgv_image_viewer    Zgv      5.7 (including)   5.7 (including)
Zgv_image_viewer    Zgv      5.8 (including)   5.8 (including)
Xzgv                Ubuntu   dapper            *
Xzgv                Ubuntu   devel             *
Xzgv                Ubuntu   edgy              *
Xzgv                Ubuntu   feisty            *

References