Vulnerabilities > CVE-2007-3476 - Numeric Errors vulnerability in GD Graphics Library Gdlib

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

gd-graphics-library

CWE-189

nessus

NVD

Published: 2007-06-28

Updated: 2018-10-16

Summary

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

Vulnerable Configurations

Part	Description	Count
Application	Gd_Graphics_Library GD Graphics Library Gdlib *	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE9_11578.NASL
description	This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. (CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478)
last seen	2020-06-01
modified	2020-06-02
plugin id	41138
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41138
title	SuSE9 Security Update : gd (YOU Patch Number 11578)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_6E09999725D811DC878B000C29C5647F.NASL
description	gd had been reported vulnerable to several vulnerabilities : - CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. - CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. - CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. - CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. - CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. - CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. - CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
last seen	2020-06-01
modified	2020-06-02
plugin id	25633
published	2007-07-01
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25633
title	FreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-692.NASL
description	- Wed Sep 5 2007 Ivana Varekova <varekova at redhat.com> - 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	26081
published	2007-09-24
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/26081
title	Fedora Core 6 : gd-2.0.35-1.fc6 (2007-692)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_11666.NASL
description	This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector (IV) in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications. This update covers CVE IDs CVE-2007-2727, CVE-2007-3472, CVE-2007-3475, CVE-2007-3476 CVE-2007-3477, CVE-2007-3478 and CVE-2007-3799.
last seen	2020-06-01
modified	2020-06-02
plugin id	41143
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41143
title	SuSE9 Security Update : PHP4 (YOU Patch Number 11666)

NASL family	SuSE Local Security Checks
NASL id	SUSE_GD-3895.NASL
description	This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. (CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478)
last seen	2020-06-01
modified	2020-06-02
plugin id	29440
published	2007-12-13
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29440
title	SuSE 10 Security Update : gd (ZYPP Patch Number 3895)

NASL family	SuSE Local Security Checks
NASL id	SUSE_GD-3896.NASL
description	This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications (CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478).
last seen	2020-06-01
modified	2020-06-02
plugin id	27231
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27231
title	openSUSE 10 Security Update : gd (gd-3896)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200708-05.NASL
description	The remote host is affected by the vulnerability described in GLSA-200708-05 (GD: Multiple vulnerabilities) Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the function gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478). Impact : A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	25870
published	2007-08-13
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25870
title	GLSA-200708-05 : GD: Multiple vulnerabilities

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0146.NASL
description	From Red Hat Security Advisory 2008:0146 : Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67657
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67657
title	Oracle Linux 4 / 5 : gd (ELSA-2008-0146)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-2055.NASL
description	- Wed Sep 5 2007 Ivana varekova <varekova at redhat.com> 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27748
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27748
title	Fedora 7 : gd-2.0.35-1.fc7 (2007-2055)

NASL family	SuSE Local Security Checks
NASL id	SUSE_APACHE2-MOD_PHP5-3979.NASL
description	This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799
last seen	2020-06-01
modified	2020-06-02
plugin id	27152
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27152
title	openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-19022.NASL
description	- Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-22 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	51414
published	2011-01-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51414
title	Fedora 13 : libwmf-0.2.8.4-22.fc13 (2010-19022)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0146.NASL
description	Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31310
published	2008-02-29
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31310
title	CentOS 4 / 5 : gd (CESA-2008:0146)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080228_GD_ON_SL4_X.NASL
description	Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
last seen	2020-06-01
modified	2020-06-02
plugin id	60367
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60367
title	Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0146.NASL
description	Updated gd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG. Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472) A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455) A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756) A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473) Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	31306
published	2008-02-28
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31306
title	RHEL 4 / 5 : gd (RHSA-2008:0146)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-153.NASL
description	GD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support. Updated packages have been patched to prevent these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25875
published	2007-08-13
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25875
title	Mandrake Linux Security Advisory : gd (MDKSA-2007:153)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-19033.NASL
description	- Mon Dec 6 2010 Caolan McNamara <caolanm at redhat.com> - 0.2.8.4-27 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	51415
published	2011-01-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51415
title	Fedora 14 : libwmf-0.2.8.4-27.fc14 (2010-19033)

NASL family	SuSE Local Security Checks
NASL id	SUSE_APACHE2-MOD_PHP5-3980.NASL
description	This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727 / CVE-2007-2748 / CVE-2007-2728 / CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478 / CVE-2007-3799
last seen	2020-06-01
modified	2020-06-02
plugin id	29379
published	2007-12-13
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29379
title	SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-854-1.NASL
description	Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2009-3546) It was discovered that the GD library did not properly handle incorrect color indexes. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-3293) It was discovered that the GD library did not properly handle certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3475, CVE-2007-3476) It was discovered that the GD library did not properly handle large angle degree values. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3477). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	42407
published	2009-11-06
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42407
title	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : libgd2 vulnerabilities (USN-854-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1613.NASL
description	Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd. - CVE-2007-3476 An array indexing error in libgd
last seen	2020-06-01
modified	2020-06-02
plugin id	33552
published	2008-07-23
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33552
title	Debian DSA-1613-1 : libgd2 - multiple vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-164.NASL
description	Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) Updated packages have been patched to prevent these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25896
published	2007-08-15
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25896
title	Mandrake Linux Security Advisory : tetex (MDKSA-2007:164)

NASL family	SuSE Local Security Checks
NASL id	SUSE_APACHE2-MOD_PHP5-3978.NASL
description	This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799
last seen	2020-06-01
modified	2020-06-02
plugin id	27151
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27151
title	openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)

Oval

accepted

2013-04-29T04:04:52.606-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10348

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	431568
title	CVE-2006-4484 gd: GIF handling buffer overflow

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment gd-devel is earlier than 0:2.0.28-5.4E.el4_6.1
oval oval:com.redhat.rhsa:tst:20080146001
comment gd-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060194004
AND
comment gd-progs is earlier than 0:2.0.28-5.4E.el4_6.1
oval oval:com.redhat.rhsa:tst:20080146003
comment gd-progs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060194002
AND
comment gd is earlier than 0:2.0.28-5.4E.el4_6.1
oval oval:com.redhat.rhsa:tst:20080146005
comment gd is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060194006

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment gd is earlier than 0:2.0.33-9.4.el5_1.1
oval oval:com.redhat.rhsa:tst:20080146008
comment gd is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080146009
AND
comment gd-progs is earlier than 0:2.0.33-9.4.el5_1.1
oval oval:com.redhat.rhsa:tst:20080146010
comment gd-progs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080146011
AND
comment gd-devel is earlier than 0:2.0.33-9.4.el5_1.1
oval oval:com.redhat.rhsa:tst:20080146012
comment gd-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080146013

rhsa

id	RHSA-2008:0146
released	2008-02-28
severity	Moderate
title	RHSA-2008:0146: gd security update (Moderate)

rpms

gd-0:2.0.28-5.4E.el4_6.1
gd-0:2.0.33-9.4.el5_1.1
gd-debuginfo-0:2.0.28-5.4E.el4_6.1
gd-debuginfo-0:2.0.33-9.4.el5_1.1
gd-devel-0:2.0.28-5.4E.el4_6.1
gd-devel-0:2.0.33-9.4.el5_1.1
gd-progs-0:2.0.28-5.4E.el4_6.1
gd-progs-0:2.0.33-9.4.el5_1.1

Statements

contributor	Mark J Cox
lastmodified	2007-09-05
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3476 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

Statements

References