CVE-2005-0399

high

Description

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028

https://exchange.xforce.ibmcloud.com/vulnerabilities/19269

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877

http://xforce.iss.net/xforce/alerts/id/191

http://www.vupen.com/english/advisories/2005/0296

http://www.securityfocus.com/bid/15495

http://www.securityfocus.com/bid/12881

http://www.redhat.com/support/errata/RHSA-2005-337.html

http://www.redhat.com/support/errata/RHSA-2005-336.html

http://www.redhat.com/support/errata/RHSA-2005-335.html

http://www.redhat.com/support/errata/RHSA-2005-323.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.mozilla.org/security/announce/mfsa2005-30.html

http://www.kb.cert.org/vuls/id/557948

http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml

http://www.ciac.org/ciac/bulletins/p-160.shtml

http://secunia.com/advisories/19823

http://secunia.com/advisories/14654

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.41278