Buffer Overflow in Microsoft GDI+ JPEG Parsing Engine
CVE-2004-0200

Currently unrated

Key Information:

Vendor
Microsoft
Status
Frontpage
Visual J\# .net
Visual C\+\+
Digital Image Pro
Vendor
CVE Published:
28 September 2004

Summary

A vulnerability exists in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll), which can be exploited by remote attackers by crafting a malicious JPEG image. Through a specific manipulation of the JPEG COM field length, attackers can trigger a buffer overflow during a memory copy operation, potentially allowing the execution of arbitrary code on the vulnerable system.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.kb.cert.org/vuls/id/297462
third-party-advisoryx_refsource_CERT-VN

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.