CVE-2005-0399 : Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before t

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

Published 2005-05-02 04:00:00

Updated 2025-04-03 01:03:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2005-0399

Mozilla » Mozilla » Version: 1.3
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.4 Update Alpha
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.4
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.4.1
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.5
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.6
cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.1
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.2
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update RC3
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update Beta
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update RC1
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update Alpha
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.5.1
cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update RC2
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.3
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.5 Update Alpha
cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.5 Update RC1
cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.6 Update Alpha
cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.6 Update Beta
cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.5 Update RC2
cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.5
cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.9.2
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.9.1
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.8
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.9
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.9.3
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.9 Update RC
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.10.1
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 0.10
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.1
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7.2
cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7.3
cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7
cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7.1
cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.6
cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.1
cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.2
cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.5
cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.3
cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.4
cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.8
cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.9
cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.1
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0399

EPSS FAQ

41.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0399

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-0399

https://exchange.xforce.ibmcloud.com/vulnerabilities/19269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028

404 Not Found
http://www.mozilla.org/security/announce/mfsa2005-30.html

Vendor Advisory
http://www.securityfocus.com/bid/12881
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2006_04_25.html

404 Page Not Found | SUSE

CVEs referencing this url
http://secunia.com/advisories/19823

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/14654

Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/15495

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-335.html

Support
Vendor Advisory

CVEs referencing this url
http://xforce.iss.net/xforce/alerts/id/191

Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html

Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2005/0296

Site en construction

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-337.html

Support
Vendor Advisory

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

Mozilla Suite: Multiple vulnerabilities (GLSA 200503-30) — Gentoo security
Vendor Advisory

CVEs referencing this url
http://www.kb.cert.org/vuls/id/557948

Third Party Advisory;US Government Resource
http://www.redhat.com/support/errata/RHSA-2005-336.html

Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877

150877 – CAN-2005-0399 firefox GIF buffer overflow
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377
http://www.ciac.org/ciac/bulletins/p-160.shtml

Jump to

Vulnerability Details : CVE-2005-0399

Products affected by CVE-2005-0399

Exploit prediction scoring system (EPSS) score for CVE-2005-0399

CVSS scores for CVE-2005-0399

References for CVE-2005-0399