CVE-2005-0399

Sažetak

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/14654
http://secunia.com/advisories/19823
http://www.ciac.org/ciac/bulletins/p-160.shtml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.kb.cert.org/vuls/id/557948
http://www.mozilla.org/security/announce/mfsa2005-30.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://www.redhat.com/support/errata/RHSA-2005-335.html
http://www.redhat.com/support/errata/RHSA-2005-336.html
http://www.redhat.com/support/errata/RHSA-2005-337.html
http://www.securityfocus.com/bid/12881
http://www.securityfocus.com/bid/15495
http://www.vupen.com/english/advisories/2005/0296
http://xforce.iss.net/xforce/alerts/id/191
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877
https://exchange.xforce.ibmcloud.com/vulnerabilities/19269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-05-2018 - 01:29

Objavljeno

02-05-2005 - 04:00