Vulnerability Details : CVE-2004-0994
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2004-0994
Probability of exploitation activity in the next 30 days: 3.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 %
CVSS scores for CVE-2004-0994
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
Products affected by CVE-2004-0994
- cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
- cpe:2.3:a:zgv:zgv_image_viewer:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:zgv:zgv_image_viewer:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:zgv:zgv_image_viewer:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:zgv:zgv_image_viewer:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:zgv:xzgv_image_viewer:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:zgv:xzgv_image_viewer:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:zgv:xzgv_image_viewer:0.7:*:*:*:*:*:*:*