CVE-2004-0941
libgd2 - integer overflow
EPSS 14.0%
Description
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
How to fix CVE-2004-0941
To remediate CVE-2004-0941, upgrade the affected package to one of the fixed versions listed below.
- Debian/libgd—upgrade to 1.8.4-17.woody4 or later
- Debian/libgd2—upgrade to 2.0.33-1.1 or later
- Debian/libgd2—upgrade to 2.0.1-10woody2 or later
Is CVE-2004-0941 being exploited?
Moderate — EPSS is 14.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1.8.4-17.woody4
- from 0, < 2.0.33-1.1
- from 0, < 2.0.1-10woody2