Vulnerability Details : CVE-2004-0788
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2004-0788
Probability of exploitation activity in the next 30 days: 17.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0788
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2004-0788
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0788
-
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095
Third Party Advisory
-
http://www.kb.cert.org/vuls/id/577654
Third Party Advisory;US Government Resource
-
http://www.redhat.com/support/errata/RHSA-2004-466.html
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17387
Third Party Advisory;VDB Entry
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
Advisories - Mandriva LinuxBroken Link
-
http://www.debian.org/security/2004/dsa-546
Third Party Advisory
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875
Third Party Advisory
-
https://bugzilla.fedora.us/show_bug.cgi?id=2005
Issue Tracking
-
http://www.securityfocus.com/archive/1/419771/100/0/threaded
Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/17657
About Secunia Research | FlexeraBroken Link
-
http://www.redhat.com/support/errata/RHSA-2004-447.html
Patch;Third Party Advisory;Vendor Advisory
-
http://www.securityfocus.com/bid/11195
Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506
Broken Link
Products affected by CVE-2004-0788
- cpe:2.3:a:gnome:gdkpixbuf:0.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdkpixbuf:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdkpixbuf:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdkpixbuf:0.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:*