CVE-2004-0941 : Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

Published 2005-02-09 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2004-0941

Trustix » Secure Linux » Version: 1.5
cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.0
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.1
cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
Matching versions
Trustix » Secure Linux » Version: 2.2
cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.22
cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.23
cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.26
cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 1.8.4
cpe:2.3:a:gd_graphics_library:gdlib:1.8.4:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.1
cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.33
cpe:2.3:a:gd_graphics_library:gdlib:2.0.33:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.27
cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.28
cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.20
cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:*
Matching versions
Gd Graphics Library » Gdlib » Version: 2.0.21
cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0941

EPSS FAQ

4.87%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0941

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

Vendor statements for CVE-2004-0941

Red Hat 2007-03-14

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References for CVE-2004-0941

http://www.securityfocus.com/bid/11663

Patch;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-638.html

Support

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/18048

GD Graphics Library gdMalloc buffer overflow CVE-2004-0941 Vulnerability Report
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113

Mandriva

CVEs referencing this url
http://secunia.com/advisories/13179/

About Secunia Research | Flexera
http://secunia.com/advisories/21050

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176

404 Not Found
http://secunia.com/advisories/18686

About Secunia Research | Flexera
http://www.redhat.com/support/errata/RHSA-2006-0194.html

Support
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114

Mandriva

CVEs referencing this url
http://www.ciac.org/ciac/bulletins/p-071.shtml

CVEs referencing this url
https://www.ubuntu.com/usn/usn-33-1/

USN-33-1: libgd vulnerabilities | Ubuntu security notices | Ubuntu
http://www.debian.org/security/2004/dsa-601

[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195

404 Not Found
http://www.trustix.org/errata/2004/0058

Trustix | Empowering Trust and Security in the Digital Age
Patch;Vendor Advisory

CVEs referencing this url
https://www.ubuntu.com/usn/usn-25-1/

USN-25-1: libgd2 vulnerability | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

Mandriva

CVEs referencing this url
http://secunia.com/advisories/20824

About Secunia Research | Flexera

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2004-0941

Products affected by CVE-2004-0941

Exploit prediction scoring system (EPSS) score for CVE-2004-0941

CVSS scores for CVE-2004-0941

Vendor statements for CVE-2004-0941

References for CVE-2004-0941