CVE Vulnerabilities

CVE-2004-0994

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 10 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
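
The bug class in the description above, as an added example (not xzgv source code and not taken from the advisory): a 32-bit width * height * bytes-per-pixel computation that wraps, next to a checked allocation. The function names, the 4-bytes-per-pixel limit and the 256 MiB cap are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on decoded pixel data; not a value from the advisory. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so the result can
 * be far smaller than the pixel data the decoder will go on to write. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: each multiplication is validated by division first.
 * Returns 0 and stores the byte count in *out, or -1 if rejected. */
int checked_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 4)
        return -1;
    if (width > MAX_IMAGE_BYTES / bpp)
        return -1;                      /* width * bpp would exceed the cap */
    size_t row = (size_t)width * bpp;
    if (height > MAX_IMAGE_BYTES / row)
        return -1;                      /* row * height would exceed the cap */
    *out = row * height;
    return 0;
}

/* Allocate a zeroed pixel buffer only for dimensions that pass the check. */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (checked_size(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 at 3 bytes per pixel. */
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(65536u, 65536u, 3u));
    printf("checked:   %s\n", checked_size(65536u, 65536u, 3u, &n) ? "rejected" : "ok");
    if (checked_size(640u, 480u, 3u, &n) == 0)
        printf("640x480x3: %zu bytes\n", n);
    return 0;
}
```
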

Affected Software

Name                Vendor   Start Version   End Version
Xzgv_image_viewer   Zgv      0.6             0.6
Xzgv_image_viewer   Zgv      0.7             0.7
Xzgv_image_viewer   Zgv      0.8             0.8
Zgv_image_viewer    Zgv      5.5             5.5
Zgv_image_viewer    Zgv      5.6             5.6
Zgv_image_viewer    Zgv      5.7             5.7
Zgv_image_viewer    Zgv      5.8             5.8
Xzgv                Ubuntu   dapper          *
Xzgv                Ubuntu   devel           *
Xzgv                Ubuntu   edgy            *
Xzgv                Ubuntu   feisty          *
