Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2005-3350 | First vendor Publication | 2005-11-03 |
Vendor | Cve | Last vendor Modification | 2018-10-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21867 | |||
Oval ID: | oval:org.mitre.oval:def:21867 | ||
Title: | ELSA-2009:0444: giflib security update (Important) | ||
Description: | libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0444-01 CVE-2005-2974 CVE-2005-3350 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | giflib |
Definition Id: oval:org.mitre.oval:def:29286 | |||
Oval ID: | oval:org.mitre.oval:def:29286 | ||
Title: | RHSA-2009:0444 -- giflib security update (Important) | ||
Description: | Updated giflib packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib decodes GIF images. An attacker could create a carefully crafted GIF image that could cause an application using giflib to crash or, possibly, execute arbitrary code when opened by a victim. (CVE-2005-2974, CVE-2005-3350) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0444 CESA-2009:0444-CentOS 5 CVE-2005-2974 CVE-2005-3350 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | giflib |
Definition Id: oval:org.mitre.oval:def:9314 | |||
Oval ID: | oval:org.mitre.oval:def:9314 | ||
Title: | libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. | ||
Description: | libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3350 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for giflib CESA-2009:0444 centos5 i386 File : nvt/gb_CESA-2009_0444_giflib_centos5_i386.nasl |
2009-10-10 | Name : SLES9: Security update for libungif File : nvt/sles9p5011022.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-4848 (giflib) File : nvt/fcore_2009_4848.nasl |
2009-05-20 | Name : Fedora Core 9 FEDORA-2009-5118 (giflib) File : nvt/fcore_2009_5118.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0444 File : nvt/RHSA_2009_0444.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0444 (giflib) File : nvt/ovcesa2009_0444.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200511-03 (giflib) File : nvt/glsa_200511_03.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 890-1 (libungif4) File : nvt/deb_890_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
20471 | libungif/giflib Crafted .gif File Arbitrary Code Execution: A remote overflow exists in libungif. The library fails to properly validate colormaps in GIF files, resulting in out-of-bounds writes and memory corruption. When a program using libungif opens a specially crafted GIF file, an attacker may be able to cause arbitrary code execution, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0444.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090422_giflib_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0444.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10556.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-4848.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5118.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0444.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-890.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-828.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-207.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-214-1.nasl - Type : ACT_GATHER_INFO |
2005-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200511-03.nasl - Type : ACT_GATHER_INFO |
2005-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-828.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:03:15 |
2021-04-22 01:03:32 |
2020-05-23 01:36:57 |
2020-05-23 00:16:54 |
2018-10-19 21:19:39 |
2018-05-03 09:19:27 |
2016-06-28 15:22:59 |
2016-04-26 13:53:43 |
2014-02-17 10:33:18 |
2013-05-11 11:33:23 |