CVE-2004-0994 - Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code

CVE-2004-0994

Summary

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

References

Vulnerable Configurations

cpe:2.3:a:zgv:xzgv_image_viewer:0.6:*:*:*:*:*:*:*
cpe:2.3:a:zgv:xzgv_image_viewer:0.6:*:*:*:*:*:*:*
cpe:2.3:a:zgv:xzgv_image_viewer:0.7:*:*:*:*:*:*:*
cpe:2.3:a:zgv:xzgv_image_viewer:0.7:*:*:*:*:*:*:*
cpe:2.3:a:zgv:xzgv_image_viewer:0.8:*:*:*:*:*:*:*
cpe:2.3:a:zgv:xzgv_image_viewer:0.8:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.6:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.6:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.7:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.7:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.8:*:*:*:*:*:*:*
cpe:2.3:a:zgv:zgv_image_viewer:5.8:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diff
debian	DSA-614
idefense	20041213 Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability
xf	xzgv-readprffile-bo(18454)

Last major update

11-07-2017 - 01:30

Published

10-01-2005 - 05:00

Last modified

11-07-2017 - 01:30