Vulnerability CVE-2004-0994


Published: 2005-01-10   Modified: 2012-02-12

Description:
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

Vendor: ZGV
Product: Zgv image viewer 
Version:
5.8
5.7
5.6
5.5
Product: Xzgv image viewer 
Version:
0.8
0.7
0.6
Vendor: Debian
Product: Debian linux 
Version: 3.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://marc.info/?l=bugtraq&m=110297198402077&w=2
http://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diff
http://www.debian.org/security/2004/dsa-614
http://xforce.iss.net/xforce/xfdb/18454

Related CVE
CVE-2012-4385
letodms 3.3.6 has CSRF via change password
CVE-2012-4384
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
CVE-2011-0544
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.
CVE-2010-4533
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVE-2010-4532
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.
CVE-2010-3844
An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
CVE-2010-3440
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

Copyright 2019, cxsecurity.com

 

Back to Top