Vulnerabilities > CVE-2006-4484 - Unspecified vulnerability in PHP

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

php

nessus

NVD

Published: 2006-08-31

Updated: 2024-11-21

Summary

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1.4 PHP PHP 5.1.0	4

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2006_052.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2006:052 (php4,php5). Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on September 20. The following security problems were fixed, with respective Mitre CVE ID: - The CURL module lacked checks for control characters (CVE-2006-2563) - A potential basedir evasion in the CURL module (CVE-2006-4483) - basedir and safemode evasion in the IMAP module (CVE-2006-4481) - str_repeat() contained an integer overflow (CVE-2006-4482) - GIF LZWReadByte overflow in the GD extension (CVE-2006-4484) - ext/wddx contained a buffer overflow - memory_limit() lacked checks for integer overflows - fixed memory overflow in foreach (CVE-2006-4482) - a bug in sscanf() could potentially be exploited to execute arbitrary code (CVE-2006-4020)
last seen	2019-10-28
modified	2007-02-18
plugin id	24430
published	2007-02-18
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24430
title	SUSE-SA:2006:052: php4,php5
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:052 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(24430); script_version ("1.9"); name["english"] = "SUSE-SA:2006:052: php4,php5"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2006:052 (php4,php5). Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on September 20. The following security problems were fixed, with respective Mitre CVE ID: - The CURL module lacked checks for control characters (CVE-2006-2563) - A potential basedir evasion in the CURL module (CVE-2006-4483) - basedir and safemode evasion in the IMAP module (CVE-2006-4481) - str_repeat() contained an integer overflow (CVE-2006-4482) - GIF LZWReadByte overflow in the GD extension (CVE-2006-4484) - ext/wddx contained a buffer overflow - memory_limit() lacked checks for integer overflows - fixed memory overflow in foreach (CVE-2006-4482) - a bug in sscanf() could potentially be exploited to execute arbitrary code (CVE-2006-4020)" ); script_set_attribute(attribute:"solution", value: "http://www.novell.com/linux/security/advisories/2006_52_php.html" ); script_set_attribute(attribute:"risk_factor", value:"Medium" ); script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18"); script_end_attributes(); summary["english"] = "Check for the version of the php4,php5 package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"apache2-mod_php4-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-curl-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-gd-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pgsql-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-unixODBC-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.4.0-6.18", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-bcmath-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-curl-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-dom-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ftp-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-gd-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-iconv-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-imap-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ldap-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysql-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysqli-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pgsql-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-soap-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-wddx-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-xmlrpc-5.0.4-9.17", release:"SUSE10.0") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-curl-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-gd-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pgsql-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.8-8.31", release:"SUSE9.2") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-curl-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-gd-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-mbstring-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-pgsql-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.10-14.28", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-bcmath-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-curl-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-dba-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-dom-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ftp-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-gd-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-iconv-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-imap-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-ldap-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mbstring-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysql-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-mysqli-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-pgsql-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-soap-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-wddx-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); } if ( rpm_check( reference:"php5-xmlrpc-5.0.3-14.27", release:"SUSE9.3") ) { security_warning(0); exit(0); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2006-0669.NASL
description	Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A response-splitting issue was discovered in the PHP session handling. If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016) A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	22423
published	2006-09-22
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22423
title	CentOS 3 / 4 : php (CESA-2006:0669)

NASL family	SuSE Local Security Checks
NASL id	SUSE_PERL-TK-5035.NASL
description	Specially crafted GIF files could crash perl-Tk (CVE-2006-4484).
last seen	2020-06-01
modified	2020-06-02
plugin id	31340
published	2008-03-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31340
title	openSUSE 10 Security Update : perl-Tk (perl-Tk-5035)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12093.NASL
description	Specially crafted GIF files could crash perl-Tk. (CVE-2006-4484)
last seen	2020-06-01
modified	2020-06-02
plugin id	41199
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41199
title	SuSE9 Security Update : perl-Tk (YOU Patch Number 12093)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-342-1.NASL
description	The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application
last seen	2020-06-01
modified	2020-06-02
plugin id	27921
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27921
title	Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-342-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_TKIMG-5320.NASL
description	This update fixes two vulnerabilities while parsing GIF images. (CVE-2008-0553, CVE-2006-4484)
last seen	2020-06-01
modified	2020-06-02
plugin id	33122
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33122
title	openSUSE 10 Security Update : tkimg (tkimg-5320)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_EA09C5DF436211DB81E1000E0C2E438A.NASL
description	The PHP development team reports : - Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. - Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache. - Fixed overflow in GD extension on invalid GIF images. - Fixed a buffer overflow inside sscanf() function. - Fixed an out of bounds read inside stripos() function. - Fixed memory_limit restriction on 64 bit system.
last seen	2020-06-01
modified	2020-06-02
plugin id	22343
published	2006-09-14
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22343
title	FreeBSD : php -- multiple vulnerabilities (ea09c5df-4362-11db-81e1-000e0c2e438a)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SDL_IMAGE-4956.NASL
description	Specially crafted GIF files could crash the SDL_image library (CVE-2006-4484).
last seen	2020-06-01
modified	2020-06-02
plugin id	30141
published	2008-02-01
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/30141
title	openSUSE 10 Security Update : SDL_image (SDL_image-4956)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-077.NASL
description	A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk (an identical issue to that found in php-gd, gd, and SDL_image). The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	36248
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/36248
title	Mandriva Linux Security Advisory : perl-Tk (MDVSA-2008:077)

NASL family	CGI abuses
NASL id	PHP_5_1_5.NASL
description	According to its banner, the version of PHP 5.x installed on the remote host is older than 5.1.5. Such versions may be affected by the following vulnerabilities : - The c-client library 2000, 2001, or 2004 for PHP does not check the safe_mode or open_basedir functions. (CVE-2006-1017) - A buffer overflow exists in the sscanf function. (CVE-2006-4020) - The file_exists and imap_reopen functions do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. (CVE-2006-4481) - Multiple heap-based buffer overflows exist in the str_repeat and wordwrap functions in ext/standard/string.c. (CVE-2006-4482) - The cURL extension files permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions. (CVE-2006-4483) - A buffer overflow vulnerability exists in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension. (CVE-2006-4484) - The stripos function is affected by an out-of-bounds read. (CVE-2006-4485)
last seen	2020-06-01
modified	2020-06-02
plugin id	17713
published	2011-11-18
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17713
title	PHP 5.1.x < 5.1.5 Multiple Vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-038.NASL
description	Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD prior to 2.0.34 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. This was originally fixed in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	37016
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37016
title	Mandriva Linux Security Advisory : gd (MDVSA-2008:038)

NASL family	SuSE Local Security Checks
NASL id	SUSE_TKIMG-5328.NASL
description	This update fixes two vulnerabilities while parsing GIF images. (CVE-2008-0553, CVE-2006-4484)
last seen	2020-06-01
modified	2020-06-02
plugin id	33123
published	2008-06-09
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33123
title	openSUSE 10 Security Update : tkimg (tkimg-5328)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-1643.NASL
description	Rebuilt to utilize system gd instead of internal copy. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31079
published	2008-02-14
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31079
title	Fedora 7 : graphviz-2.12-10.fc7 (2008-1643)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0146.NASL
description	From Red Hat Security Advisory 2008:0146 : Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67657
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67657
title	Oracle Linux 4 / 5 : gd (ELSA-2008-0146)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2006-1024.NASL
description	This update includes the latest upstream release of PHP 5.1, version 5.1.6, fixing a number of security vulnerabilities, and other bugs. An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	24032
published	2007-01-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24032
title	Fedora Core 5 : php-5.1.6-1.1 (2006-1024)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200802-01.NASL
description	The remote host is affected by the vulnerability described in GLSA-200802-01 (SDL_image: Two buffer overflow vulnerabilities) The LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW() function in file IMG_lbm.c each contain a boundary error that can be triggered to cause a static buffer overflow and a heap-based buffer overflow. The first boundary error comes from some old vulnerable GD PHP code (CVE-2006-4484). Impact : A remote attacker can make an application using the SDL_image library to process a specially crafted GIF file or IFF ILBM file that will trigger a buffer overflow, resulting in the execution of arbitrary code with the permissions of the application or the application crash. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	30243
published	2008-02-11
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/30243
title	GLSA-200802-01 : SDL_image: Two buffer overflow vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0146.NASL
description	Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31310
published	2008-02-29
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31310
title	CentOS 4 / 5 : gd (CESA-2008:0146)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080228_GD_ON_SL4_X.NASL
description	Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
last seen	2020-06-01
modified	2020-06-02
plugin id	60367
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60367
title	Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_PERL-TK-5034.NASL
description	Specially crafted GIF files could crash perl-Tk. (CVE-2006-4484)
last seen	2020-06-01
modified	2020-06-02
plugin id	31339
published	2008-03-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/31339
title	SuSE 10 Security Update : perl-Tk (ZYPP Patch Number 5034)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0146.NASL
description	Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31306
published	2008-02-28
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31306
title	RHEL 4 / 5 : gd (RHSA-2008:0146)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2006-0730.NASL
description	Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption. From Red Hat Security Advisory 2006:0730 : The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	67421
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/67421
title	Oracle Linux 4 : php (ELSA-2006-0730 / ELSA-2006-0669)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2006-162.NASL
description	The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484). The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485). CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP. Updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	23906
published	2006-12-16
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/23906
title	Mandrake Linux Security Advisory : php (MDKSA-2006:162)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0669.NASL
description	Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A response-splitting issue was discovered in the PHP session handling. If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016) A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the
last seen	2020-06-01
modified	2020-06-02
plugin id	22443
published	2006-09-22
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22443
title	RHEL 3 / 4 : php (RHSA-2006:0669)

Oval

accepted

2013-04-29T04:18:07.650-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

bgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

family

unix

oval:org.mitre.oval:def:9004

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa
id RHSA-2006:0688
rhsa
id RHSA-2008:0146

rpms

php-0:4.3.2-36.ent
php-0:4.3.9-3.18
php-debuginfo-0:4.3.2-36.ent
php-debuginfo-0:4.3.9-3.18
php-devel-0:4.3.2-36.ent
php-devel-0:4.3.9-3.18
php-domxml-0:4.3.9-3.18
php-gd-0:4.3.9-3.18
php-imap-0:4.3.2-36.ent
php-imap-0:4.3.9-3.18
php-ldap-0:4.3.2-36.ent
php-ldap-0:4.3.9-3.18
php-mbstring-0:4.3.9-3.18
php-mysql-0:4.3.2-36.ent
php-mysql-0:4.3.9-3.18
php-ncurses-0:4.3.9-3.18
php-odbc-0:4.3.2-36.ent
php-odbc-0:4.3.9-3.18
php-pear-0:4.3.9-3.18
php-pgsql-0:4.3.2-36.ent
php-pgsql-0:4.3.9-3.18
php-snmp-0:4.3.9-3.18
php-xmlrpc-0:4.3.9-3.18
php-0:5.1.4-1.el4s1.4
php-bcmath-0:5.1.4-1.el4s1.4
php-dba-0:5.1.4-1.el4s1.4
php-debuginfo-0:5.1.4-1.el4s1.4
php-devel-0:5.1.4-1.el4s1.4
php-gd-0:5.1.4-1.el4s1.4
php-imap-0:5.1.4-1.el4s1.4
php-ldap-0:5.1.4-1.el4s1.4
php-mbstring-0:5.1.4-1.el4s1.4
php-mysql-0:5.1.4-1.el4s1.4
php-ncurses-0:5.1.4-1.el4s1.4
php-odbc-0:5.1.4-1.el4s1.4
php-pdo-0:5.1.4-1.el4s1.4
php-pgsql-0:5.1.4-1.el4s1.4
php-snmp-0:5.1.4-1.el4s1.4
php-soap-0:5.1.4-1.el4s1.4
php-xml-0:5.1.4-1.el4s1.4
php-xmlrpc-0:5.1.4-1.el4s1.4
gd-0:2.0.28-5.4E.el4_6.1
gd-0:2.0.33-9.4.el5_1.1
gd-debuginfo-0:2.0.28-5.4E.el4_6.1
gd-debuginfo-0:2.0.33-9.4.el5_1.1
gd-devel-0:2.0.28-5.4E.el4_6.1
gd-devel-0:2.0.33-9.4.el5_1.1
gd-progs-0:2.0.28-5.4E.el4_6.1
gd-progs-0:2.0.33-9.4.el5_1.1

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References