Vulnerabilities > CVE-2007-3473 - Multiple vulnerability in GD Graphics Library

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
libgd
nessus
exploit available

Summary

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

Vulnerable Configurations

Part Description Count
Application
Libgd
1

Exploit-Db

descriptionGD Graphics Library 2.0.34 (libgd) gdImageCreateXbm Function Unspecified DoS. CVE-2007-3473. Dos exploit for linux platform
idEDB-ID:30251
last seen2016-02-03
modified2007-06-26
published2007-06-26
reporteranonymous
sourcehttps://www.exploit-db.com/download/30251/
titleGD Graphics Library <= 2.0.34 libgd gdImageCreateXbm Function Unspecified DoS

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6E09999725D811DC878B000C29C5647F.NASL
    descriptiongd had been reported vulnerable to several vulnerabilities : - CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. - CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. - CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. - CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. - CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. - CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. - CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
    last seen2020-06-01
    modified2020-06-02
    plugin id25633
    published2007-07-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25633
    titleFreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25633);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3474", "CVE-2007-3475", "CVE-2007-3476", "CVE-2007-3477", "CVE-2007-3478");
    
      script_name(english:"FreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "gd had been reported vulnerable to several vulnerabilities :
    
    - CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function
    in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted
    remote attackers has unspecified attack vectors and impact.
    
    - CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics
    Library (libgd) before 2.0.35 allows user-assisted remote attackers to
    cause a denial of service (crash) via unspecified vectors involving a
    gdImageCreate failure.
    
    - CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF
    reader in the GD Graphics Library (libgd) before 2.0.35 allow
    user-assisted remote attackers to have unspecified attack vectors and
    impact.
    
    - CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows
    user-assisted remote attackers to cause a denial of service (crash)
    via a GIF image that has no global color map.
    
    - CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics
    Library (libgd) before 2.0.35 allows user-assisted remote attackers to
    cause a denial of service (crash and heap corruption) via large color
    index values in crafted image data, which results in a segmentation
    fault.
    
    - CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in
    GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a
    denial of service (CPU consumption) via a large (1) start or (2) end
    angle degree value.
    
    - CVE-2007-3478: Race condition in gdImageStringFTEx
    (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before
    2.0.35 allows user-assisted remote attackers to cause a denial of
    service (crash) via unspecified vectors, possibly involving truetype
    font (TTF) support."
      );
      # http://www.libgd.org/ReleaseNote020035
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9fa888e5"
      );
      # http://www.frsirt.com/english/advisories/2007/2336
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.frsirt.com"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=89"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=94"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=70"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=87"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=92"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=74"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.libgd.org/?do=details&task_id=48"
      );
      # http://bugs.php.net/bug.php?id=40578
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.php.net/bug.php?id=40578"
      );
      # https://vuxml.freebsd.org/freebsd/6e099997-25d8-11dc-878b-000c29c5647f.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1fa6faa1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(189, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"gd<2.0.35,1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-692.NASL
    description - Wed Sep 5 2007 Ivana Varekova <varekova at redhat.com> - 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26081
    published2007-09-24
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26081
    titleFedora Core 6 : gd-2.0.35-1.fc6 (2007-692)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-604.NASL
    descriptionIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848 , CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. (CVE-2007-2756) Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. (CVE-2007-0455) The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293 . NOTE: some of these details are obtained from third party information. (CVE-2009-3546) Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)
    last seen2020-06-01
    modified2020-06-02
    plugin id86635
    published2015-10-29
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86635
    titleAmazon Linux AMI : libwmf (ALAS-2015-604)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-120-01.NASL
    descriptionNew libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109432
    published2018-05-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109432
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200708-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200708-05 (GD: Multiple vulnerabilities) Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the function gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478). Impact : A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id25870
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25870
    titleGLSA-200708-05 : GD: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0146.NASL
    descriptionFrom Red Hat Security Advisory 2008:0146 : Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67657
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67657
    titleOracle Linux 4 / 5 : gd (ELSA-2008-0146)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2055.NASL
    description - Wed Sep 5 2007 Ivana varekova <varekova at redhat.com> 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27748
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27748
    titleFedora 7 : gd-2.0.35-1.fc7 (2007-2055)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-19022.NASL
    description - Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-22 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51414
    published2011-01-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51414
    titleFedora 13 : libwmf-0.2.8.4-22.fc13 (2010-19022)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0146.NASL
    descriptionUpdated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31310
    published2008-02-29
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31310
    titleCentOS 4 / 5 : gd (CESA-2008:0146)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080228_GD_ON_SL4_X.NASL
    descriptionMultiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
    last seen2020-06-01
    modified2020-06-02
    plugin id60367
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60367
    titleScientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CA139C7F2A8C11E5A4A5002590263BF5.NASL
    descriptionMitre reports : Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id84782
    published2015-07-16
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84782
    titleFreeBSD : libwmf -- multiple vulnerabilities (ca139c7f-2a8c-11e5-a4a5-002590263bf5)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0146.NASL
    descriptionUpdated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31306
    published2008-02-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31306
    titleRHEL 4 / 5 : gd (RHSA-2008:0146)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-153.NASL
    descriptionGD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support. Updated packages have been patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25875
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25875
    titleMandrake Linux Security Advisory : gd (MDKSA-2007:153)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-19033.NASL
    description - Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-27 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51415
    published2011-01-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51415
    titleFedora 14 : libwmf-0.2.8.4-27.fc14 (2010-19033)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-164.NASL
    descriptionMaurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) Updated packages have been patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25896
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25896
    titleMandrake Linux Security Advisory : tetex (MDKSA-2007:164)

Oval

accepted2013-04-29T04:15:49.876-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
familyunix
idoval:org.mitre.oval:def:11806
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
version27

Redhat

advisories
rhsa
idRHSA-2008:0146
rpms
  • gd-0:2.0.28-5.4E.el4_6.1
  • gd-0:2.0.33-9.4.el5_1.1
  • gd-debuginfo-0:2.0.28-5.4E.el4_6.1
  • gd-debuginfo-0:2.0.33-9.4.el5_1.1
  • gd-devel-0:2.0.28-5.4E.el4_6.1
  • gd-devel-0:2.0.33-9.4.el5_1.1
  • gd-progs-0:2.0.28-5.4E.el4_6.1
  • gd-progs-0:2.0.33-9.4.el5_1.1

Statements

contributorMark J Cox
lastmodified2007-09-05
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3473 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

References