CVE-2007-3474 - Unspecified vulnerability in Libgd GD Graphics Library 2.0.33/2.0.34/2.0.35
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
libgd
nessus
Summary
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 9 |
Nessus
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_6E09999725D811DC878B000C29C5647F.NASL
- description: gd had been reported vulnerable to several vulnerabilities :
  - CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact.
  - CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
  - CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact.
  - CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
  - CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
  - CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
  - CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25633
- published: 2007-07-01
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/25633
- title: FreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(25633);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:38");

  script_cve_id("CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3474", "CVE-2007-3475", "CVE-2007-3476", "CVE-2007-3477", "CVE-2007-3478");

  script_name(english:"FreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"gd had been reported vulnerable to several vulnerabilities :

- CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact.

- CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

- CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact.

- CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.

- CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

- CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

- CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support."
  );
  # http://www.libgd.org/ReleaseNote020035
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9fa888e5"
  );
  # http://www.frsirt.com/english/advisories/2007/2336
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.frsirt.com"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=89"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=94"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=70"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=87"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=92"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=74"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.libgd.org/?do=details&task_id=48"
  );
  # http://bugs.php.net/bug.php?id=40578
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.php.net/bug.php?id=40578"
  );
  # https://vuxml.freebsd.org/freebsd/6e099997-25d8-11dc-878b-000c29c5647f.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1fa6faa1"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(189, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"gd<2.0.35,1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2007-692.NASL
- description:
  - Wed Sep 5 2007 Ivana Varekova <varekova at redhat.com> - 2.0.35-1
    - update to 2.0.35
    - fix several vulnerabilities #277421

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 26081
- published: 2007-09-24
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/26081
- title: Fedora Core 6 : gd-2.0.35-1.fc6 (2007-692)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200708-05.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200708-05 (GD: Multiple vulnerabilities)

  Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the function gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478).

  Impact : A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD.

  Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25870
- published: 2007-08-13
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25870
- title: GLSA-200708-05 : GD: Multiple vulnerabilities

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2007-2055.NASL
- description:
  - Wed Sep 5 2007 Ivana varekova <varekova at redhat.com> 2.0.35-1
    - update to 2.0.35
    - fix several vulnerabilities #277421

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27748
- published: 2007-11-06
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/27748
- title: Fedora 7 : gd-2.0.35-1.fc7 (2007-2055)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2010-19022.NASL
- description:
  - Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-22
    - Resolves: rhbz#660161 security issues

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 51414
- published: 2011-01-05
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/51414
- title: Fedora 13 : libwmf-0.2.8.4-22.fc13 (2010-19022)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2007-153.NASL
- description: GD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues.
  - Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)
  - The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)
  - Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)
  - The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)
  - Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)
  - The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)
  - Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

  The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support.

  Updated packages have been patched to prevent these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25875
- published: 2007-08-13
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/25875
- title: Mandrake Linux Security Advisory : gd (MDKSA-2007:153)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2010-19033.NASL
- description:
  - Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-27
    - Resolves: rhbz#660161 security issues

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 51415
- published: 2011-01-05
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/51415
- title: Fedora 14 : libwmf-0.2.8.4-27.fc14 (2010-19033)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2007-164.NASL
- description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file.

  In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues.
  - Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)
  - The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)
  - Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)
  - The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)
  - Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)
  - The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)
  - Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

  Updated packages have been patched to prevent these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25896
- published: 2007-08-15
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25896
- title: Mandrake Linux Security Advisory : tetex (MDKSA-2007:164)

Statements
contributor | Mark J Cox |
lastmodified | 2008-02-14 |
organization | Red Hat |
statement | This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1 or 3 as they did not offer GIF image support. We do not plan to backport a fix for this issue to the gd packages as shipped in Red Hat Enterprise Linux 4 and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed. |
References
- ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
- http://fedoranews.org/updates/FEDORA-2007-205.shtml
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
- http://osvdb.org/37743
- http://secunia.com/advisories/25855
- http://secunia.com/advisories/25860
- http://secunia.com/advisories/26272
- http://secunia.com/advisories/26390
- http://secunia.com/advisories/26415
- http://secunia.com/advisories/26467
- http://secunia.com/advisories/26663
- http://secunia.com/advisories/26766
- http://secunia.com/advisories/26856
- http://secunia.com/advisories/30168
- http://secunia.com/advisories/42813
- http://security.gentoo.org/glsa/glsa-200708-05.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://www.libgd.org/ReleaseNote020035
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
- http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
- http://www.securityfocus.com/archive/1/478796/100/0/threaded
- http://www.securityfocus.com/bid/24651
- http://www.trustix.org/errata/2007/0024/
- http://www.vupen.com/english/advisories/2007/2336
- http://www.vupen.com/english/advisories/2011/0022
- https://bugzilla.redhat.com/show_bug.cgi?id=277421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35110
- https://issues.rpath.com/browse/RPL-1643