Executive Summary

Informations
Name CVE-2004-1095 First vendor Publication 2005-01-10
Vendor Cve Last vendor Modification 2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1095

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 4
Os 11

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-12 (zgv)
File : nvt/glsa_200411_12.nasl
2008-09-04 Name : FreeBSD Ports: zgv
File : nvt/freebsd_zgv.nasl
2008-01-17 Name : Debian Security Advisory DSA 608-1 (zgv)
File : nvt/deb_608_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
11400 xzgv TIFF Image Processing Overflow

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from TIFF image headers in readtiff.c. Using a specially crafted TIFF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
11399 xzgv PRF Image Processing Overflow

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from PRF image headers in readprf.c. Using a specially crafted PRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
11398 xzgv JPEG Image Processing Overflow

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from JPEG image headers in readjpeg.c. Using a specially crafted JPEG file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
11397 xzgv MRF Image Processing Overflow

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from MRF image headers in readmrf.c. Using a specially crafted MRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
11396 xzgv GIF Image Processing Overflow

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from GIF image headers in readgif.c. Using a specially crafted GIF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
11235 zgv PCD Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PCD image headers in readpcd.c, resulting in a heap overflow. Using a specially crafted PCD file, an attacker could possibly cause remote code execution resulting in a loss of integrity.
11213 zgv XPM Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from XPM image headers in readxpm.c, resulting in a heap overflow. With a specially crafted XPM file, an attacker can cause remote code execution resulting in a loss of integrity.
11212 zgv TIFF Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from TIFF image headers in readtiff.c, resulting in a heap overflow. Using a specially crafted TIFF file, an attacker can cause remote code execution resulting in a loss of integrity.
11211 zgv PRF Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PRF image headers in readprf.c, resulting in a heap overflow. Using a specially crafted PRF file, an attacker can cause remote code execution resulting in a loss of integrity.
11210 zgv PNM Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PNM image headers in readpnm.c, resulting in a heap overflow. With a specially crafted PNM file, an attacker can cause remote code execution resulting in a loss of integrity.
11209 zgv PNG Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PNG image headers in readpng.c, resulting in a heap overflow. Using a specially crafted PNG file, an attacker can cause remote code execution resulting in a loss of integrity.
11208 zgv PCX Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PCX image headers in readpcx.c, resulting in a heap overflow. With a specially crafted PCX file, an attacker can cause remote code execution resulting in a loss of integrity.
11207 zgv MRF Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from MRF image headers in readmrf.c resulting in a heap overflow. Using a specially crafted MRF file, an attacker can cause remote code execution resulting in a loss of integrity.
11206 zgv GIF Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from GIF image headers in readgif.c resulting in a heap overflow. Using a specially crafted GIF file, an attacker can cause remote code execution resulting in a loss of integrity.
11205 zgv BMP Image Processing Overflow

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from BMP image headers in readbmp.c resulting in a heap overflow. With a specially crafted BMP file, an attacker can cause remote code execution resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2004-12-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-614.nasl - Type : ACT_GATHER_INFO
2004-12-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-608.nasl - Type : ACT_GATHER_INFO
2004-11-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200411-12.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://marc.info/?l=bugtraq&m=109886210702781&w=2
http://marc.info/?l=bugtraq&m=109898111915661&w=2
http://www.gentoo.org/security/en/glsa/glsa-200411-12.xml
http://www.securityfocus.com/bid/11556
http://www.svgalib.org/rus/zgv/
http://www.svgalib.org/rus/zgv/zgv-5.8-integer-overflow-fix.diff
https://exchange.xforce.ibmcloud.com/vulnerabilities/17871
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2024-11-28 23:22:35
  • Multiple Updates
2024-11-28 12:06:17
  • Multiple Updates
2021-05-04 12:02:27
  • Multiple Updates
2021-04-22 01:02:37
  • Multiple Updates
2020-05-23 00:15:57
  • Multiple Updates
2017-07-11 12:01:33
  • Multiple Updates
2016-10-18 12:01:24
  • Multiple Updates
2016-04-26 12:55:39
  • Multiple Updates
2014-02-17 10:28:25
  • Multiple Updates
2013-05-11 11:43:49
  • Multiple Updates