Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
2005-03-01T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gd_graphics_library | gdlib | 1.8.4 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.1 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.15 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.20 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.21 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.22 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.23 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.26 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.27 | Yes |
| Application | gd_graphics_library | gdlib | 2.0.28 | Yes |
| Application | openpkg | openpkg | 2.1 | Yes |
| Application | openpkg | openpkg | 2.2 | Yes |
| Application | openpkg | openpkg | current | Yes |
| Operating System | gentoo | linux | * | Yes |
| Operating System | suse | suse_linux | 8.0 | Yes |
| Operating System | suse | suse_linux | 8.1 | Yes |
| Operating System | suse | suse_linux | 8.2 | Yes |
| Operating System | suse | suse_linux | 9.0 | Yes |
| Operating System | suse | suse_linux | 9.0 | Yes |
| Operating System | suse | suse_linux | 9.1 | Yes |
| Operating System | suse | suse_linux | 9.2 | Yes |
| Operating System | trustix | secure_linux | 1.5 | Yes |
| Operating System | trustix | secure_linux | 2.0 | Yes |
| Operating System | trustix | secure_linux | 2.1 | Yes |
| Operating System | trustix | secure_linux | 2.2 | Yes |