CVE-2004-1095

NameCVE-2004-1095
DescriptionMultiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-608-1
NVD severityhigh (attack range: remote)
Debian Bugs284124

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zgv (PTS)wheezy5.9-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zgvsource(unstable)5.7-1.3high284124
zgvsourcewoody5.5-3woody1highDSA-608-1

Search for package or bug name: Reporting problems