Vulnerabilities > CVE-2007-3472 - Numeric Errors vulnerability in Libgd GD Graphics Library 2.0.33/2.0.34/2.0.35
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE9_11578.NASL description This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. (CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478) last seen 2020-06-01 modified 2020-06-02 plugin id 41138 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41138 title SuSE9 Security Update : gd (YOU Patch Number 11578) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6E09999725D811DC878B000C29C5647F.NASL description gd had been reported vulnerable to several vulnerabilities : - CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. - CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. - CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. - CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. - CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. - CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. - CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. last seen 2020-06-01 modified 2020-06-02 plugin id 25633 published 2007-07-01 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25633 title FreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f) NASL family Fedora Local Security Checks NASL id FEDORA_2007-692.NASL description - Wed Sep 5 2007 Ivana Varekova <varekova at redhat.com> - 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 26081 published 2007-09-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26081 title Fedora Core 6 : gd-2.0.35-1.fc6 (2007-692) NASL family SuSE Local Security Checks NASL id SUSE9_11666.NASL description This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector (IV) in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications. This update covers CVE IDs CVE-2007-2727, CVE-2007-3472, CVE-2007-3475, CVE-2007-3476 CVE-2007-3477, CVE-2007-3478 and CVE-2007-3799. last seen 2020-06-01 modified 2020-06-02 plugin id 41143 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41143 title SuSE9 Security Update : PHP4 (YOU Patch Number 11666) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-604.NASL description It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848 , CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. (CVE-2007-2756) Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. (CVE-2007-0455) The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293 . NOTE: some of these details are obtained from third party information. (CVE-2009-3546) Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) last seen 2020-06-01 modified 2020-06-02 plugin id 86635 published 2015-10-29 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86635 title Amazon Linux AMI : libwmf (ALAS-2015-604) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-120-01.NASL description New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109432 published 2018-05-01 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109432 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01) NASL family SuSE Local Security Checks NASL id SUSE_GD-3895.NASL description This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. (CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478) last seen 2020-06-01 modified 2020-06-02 plugin id 29440 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29440 title SuSE 10 Security Update : gd (ZYPP Patch Number 3895) NASL family SuSE Local Security Checks NASL id SUSE_GD-3896.NASL description This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications (CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478). last seen 2020-06-01 modified 2020-06-02 plugin id 27231 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27231 title openSUSE 10 Security Update : gd (gd-3896) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200708-05.NASL description The remote host is affected by the vulnerability described in GLSA-200708-05 (GD: Multiple vulnerabilities) Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the function gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478). Impact : A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25870 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25870 title GLSA-200708-05 : GD: Multiple vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0146.NASL description From Red Hat Security Advisory 2008:0146 : Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67657 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67657 title Oracle Linux 4 / 5 : gd (ELSA-2008-0146) NASL family Fedora Local Security Checks NASL id FEDORA_2007-2055.NASL description - Wed Sep 5 2007 Ivana varekova <varekova at redhat.com> 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27748 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27748 title Fedora 7 : gd-2.0.35-1.fc7 (2007-2055) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-3979.NASL description This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799 last seen 2020-06-01 modified 2020-06-02 plugin id 27152 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27152 title openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979) NASL family Fedora Local Security Checks NASL id FEDORA_2010-19022.NASL description - Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-22 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 51414 published 2011-01-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51414 title Fedora 13 : libwmf-0.2.8.4-22.fc13 (2010-19022) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0146.NASL description Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31310 published 2008-02-29 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31310 title CentOS 4 / 5 : gd (CESA-2008:0146) NASL family Scientific Linux Local Security Checks NASL id SL_20080228_GD_ON_SL4_X.NASL description Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) last seen 2020-06-01 modified 2020-06-02 plugin id 60367 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60367 title Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CA139C7F2A8C11E5A4A5002590263BF5.NASL description Mitre reports : Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted last seen 2020-06-01 modified 2020-06-02 plugin id 84782 published 2015-07-16 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84782 title FreeBSD : libwmf -- multiple vulnerabilities (ca139c7f-2a8c-11e5-a4a5-002590263bf5) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0146.NASL description Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31306 published 2008-02-28 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31306 title RHEL 4 / 5 : gd (RHSA-2008:0146) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-153.NASL description GD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support. Updated packages have been patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25875 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25875 title Mandrake Linux Security Advisory : gd (MDKSA-2007:153) NASL family Fedora Local Security Checks NASL id FEDORA_2010-19033.NASL description - Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-27 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 51415 published 2011-01-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51415 title Fedora 14 : libwmf-0.2.8.4-27.fc14 (2010-19033) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-3980.NASL description This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727 / CVE-2007-2748 / CVE-2007-2728 / CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478 / CVE-2007-3799 last seen 2020-06-01 modified 2020-06-02 plugin id 29379 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29379 title SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-164.NASL description Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) Updated packages have been patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25896 published 2007-08-15 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25896 title Mandrake Linux Security Advisory : tetex (MDKSA-2007:164) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-MOD_PHP5-3978.NASL description This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799 last seen 2020-06-01 modified 2020-06-02 plugin id 27151 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27151 title openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)
Oval
| accepted | 2013-04-29T04:11:15.512-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11067 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-09-05 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3472 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
References
- ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
- ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
- http://bugs.libgd.org/?do=details&task_id=89
- http://bugs.libgd.org/?do=details&task_id=89
- http://fedoranews.org/updates/FEDORA-2007-205.shtml
- http://fedoranews.org/updates/FEDORA-2007-205.shtml
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
- http://osvdb.org/37745
- http://osvdb.org/37745
- http://secunia.com/advisories/25855
- http://secunia.com/advisories/25855
- http://secunia.com/advisories/25860
- http://secunia.com/advisories/25860
- http://secunia.com/advisories/26272
- http://secunia.com/advisories/26272
- http://secunia.com/advisories/26390
- http://secunia.com/advisories/26390
- http://secunia.com/advisories/26415
- http://secunia.com/advisories/26415
- http://secunia.com/advisories/26467
- http://secunia.com/advisories/26467
- http://secunia.com/advisories/26663
- http://secunia.com/advisories/26663
- http://secunia.com/advisories/26766
- http://secunia.com/advisories/26766
- http://secunia.com/advisories/26856
- http://secunia.com/advisories/26856
- http://secunia.com/advisories/29157
- http://secunia.com/advisories/29157
- http://secunia.com/advisories/30168
- http://secunia.com/advisories/30168
- http://secunia.com/advisories/42813
- http://secunia.com/advisories/42813
- http://security.gentoo.org/glsa/glsa-200708-05.xml
- http://security.gentoo.org/glsa/glsa-200708-05.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://www.libgd.org/ReleaseNote020035
- http://www.libgd.org/ReleaseNote020035
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
- http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
- http://www.redhat.com/support/errata/RHSA-2008-0146.html
- http://www.redhat.com/support/errata/RHSA-2008-0146.html
- http://www.securityfocus.com/archive/1/478796/100/0/threaded
- http://www.securityfocus.com/archive/1/478796/100/0/threaded
- http://www.securityfocus.com/bid/24651
- http://www.securityfocus.com/bid/24651
- http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/
- http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/
- http://www.trustix.org/errata/2007/0024/
- http://www.trustix.org/errata/2007/0024/
- http://www.vupen.com/english/advisories/2007/2336
- http://www.vupen.com/english/advisories/2007/2336
- http://www.vupen.com/english/advisories/2011/0022
- http://www.vupen.com/english/advisories/2011/0022
- https://bugzilla.redhat.com/show_bug.cgi?id=277421
- https://bugzilla.redhat.com/show_bug.cgi?id=277421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35108
- https://issues.rpath.com/browse/RPL-1643
- https://issues.rpath.com/browse/RPL-1643
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067