Description
Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by infamous41md · textremotelinux
https://www.exploit-db.com/exploits/609
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17871
Various Sources x_refsource_confirm
http://www.svgalib.org/rus/zgv/
Various Sources x_refsource_confirm
http://www.svgalib.org/rus/zgv/zgv-5.8-integer-overflow-fix.diff
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200411-12.xml
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109898111915661&w=2
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11556
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109886210702781&w=2
Scores
EPSS
0.2100
EPSS Percentile
95.7%
Details
Status
published
Products (8)
debian/debian_linux
3.0 (11 CPE variants)
zgv/xzgv_image_viewer
0.6
zgv/xzgv_image_viewer
0.7
zgv/xzgv_image_viewer
0.8
zgv/zgv_image_viewer
5.5
zgv/zgv_image_viewer
5.6
zgv/zgv_image_viewer
5.7
zgv/zgv_image_viewer
5.8
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026