Vulnerabilites related to gd_graphics_library - gdlib
cve-2004-0941
Vulnerability from cvelistv5
Published
2004-11-19 05:00
Modified
2024-08-08 00:31
Severity ?
Summary
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
References
http://www.redhat.com/support/errata/RHSA-2006-0194.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/11663vdb-entry, x_refsource_BID
http://www.ciac.org/ciac/bulletins/p-071.shtmlthird-party-advisory, government-resource, x_refsource_CIAC
http://secunia.com/advisories/21050third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2004-638.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/13179/third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113vendor-advisory, x_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195vdb-entry, signature, x_refsource_OVAL
http://www.trustix.org/errata/2004/0058vendor-advisory, x_refsource_TRUSTIX
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2004/dsa-601vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122vendor-advisory, x_refsource_MANDRIVA
https://www.ubuntu.com/usn/usn-25-1/vendor-advisory, x_refsource_UBUNTU
https://exchange.xforce.ibmcloud.com/vulnerabilities/18048vdb-entry, x_refsource_XF
http://secunia.com/advisories/18686third-party-advisory, x_refsource_SECUNIA
https://www.ubuntu.com/usn/usn-33-1/vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/20824third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:48.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2006:0194",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0194.html"
          },
          {
            "name": "11663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11663"
          },
          {
            "name": "P-071",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
          },
          {
            "name": "21050",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21050"
          },
          {
            "name": "RHSA-2004:638",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
          },
          {
            "name": "13179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13179/"
          },
          {
            "name": "MDKSA-2006:113",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
          },
          {
            "name": "oval:org.mitre.oval:def:11176",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176"
          },
          {
            "name": "oval:org.mitre.oval:def:1195",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195"
          },
          {
            "name": "2004-0058",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0058"
          },
          {
            "name": "MDKSA-2006:114",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
          },
          {
            "name": "DSA-601",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-601"
          },
          {
            "name": "MDKSA-2006:122",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
          },
          {
            "name": "USN-25-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-25-1/"
          },
          {
            "name": "gd-graphics-gdmalloc-bo(18048)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18048"
          },
          {
            "name": "18686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18686"
          },
          {
            "name": "USN-33-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-33-1/"
          },
          {
            "name": "20824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20824"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2006:0194",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0194.html"
        },
        {
          "name": "11663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11663"
        },
        {
          "name": "P-071",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
        },
        {
          "name": "21050",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21050"
        },
        {
          "name": "RHSA-2004:638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
        },
        {
          "name": "13179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13179/"
        },
        {
          "name": "MDKSA-2006:113",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
        },
        {
          "name": "oval:org.mitre.oval:def:11176",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176"
        },
        {
          "name": "oval:org.mitre.oval:def:1195",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195"
        },
        {
          "name": "2004-0058",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0058"
        },
        {
          "name": "MDKSA-2006:114",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
        },
        {
          "name": "DSA-601",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-601"
        },
        {
          "name": "MDKSA-2006:122",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
        },
        {
          "name": "USN-25-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-25-1/"
        },
        {
          "name": "gd-graphics-gdmalloc-bo(18048)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18048"
        },
        {
          "name": "18686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18686"
        },
        {
          "name": "USN-33-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-33-1/"
        },
        {
          "name": "20824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20824"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0941",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2006:0194",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0194.html"
            },
            {
              "name": "11663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11663"
            },
            {
              "name": "P-071",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
            },
            {
              "name": "21050",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21050"
            },
            {
              "name": "RHSA-2004:638",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
            },
            {
              "name": "13179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13179/"
            },
            {
              "name": "MDKSA-2006:113",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
            },
            {
              "name": "oval:org.mitre.oval:def:11176",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176"
            },
            {
              "name": "oval:org.mitre.oval:def:1195",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195"
            },
            {
              "name": "2004-0058",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0058"
            },
            {
              "name": "MDKSA-2006:114",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
            },
            {
              "name": "DSA-601",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-601"
            },
            {
              "name": "MDKSA-2006:122",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
            },
            {
              "name": "USN-25-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-25-1/"
            },
            {
              "name": "gd-graphics-gdmalloc-bo(18048)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18048"
            },
            {
              "name": "18686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18686"
            },
            {
              "name": "USN-33-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-33-1/"
            },
            {
              "name": "20824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20824"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0941",
    "datePublished": "2004-11-19T05:00:00",
    "dateReserved": "2004-10-12T00:00:00",
    "dateUpdated": "2024-08-08T00:31:48.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0990
Vulnerability from cvelistv5
Published
2004-10-28 04:00
Modified
2024-08-08 00:39
Severity ?
Summary
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
References
http://www.ciac.org/ciac/bulletins/p-071.shtmlthird-party-advisory, government-resource, x_refsource_CIAC
http://secunia.com/advisories/23783third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/11190vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/21050third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/11523vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/17866vdb-entry, x_refsource_XF
http://www.redhat.com/support/errata/RHSA-2004-638.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2004/dsa-602vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113vendor-advisory, x_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260vdb-entry, signature, x_refsource_OVAL
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.htmlvendor-advisory, x_refsource_SUSE
http://www.trustix.org/errata/2004/0058vendor-advisory, x_refsource_TRUSTIX
https://issues.rpath.com/browse/RPL-939x_refsource_CONFIRM
http://www.debian.org/security/2004/dsa-589vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2004/dsa-601vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2004:132vendor-advisory, x_refsource_MANDRAKE
http://secunia.com/advisories/18717third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122vendor-advisory, x_refsource_MANDRIVA
https://www.ubuntu.com/usn/usn-25-1/vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=109882489302099&w=2mailing-list, x_refsource_BUGTRAQ
https://www.ubuntu.com/usn/usn-11-1/vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/20824third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2004/dsa-591vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/20866third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "P-071",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
          },
          {
            "name": "23783",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23783"
          },
          {
            "name": "11190",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11190"
          },
          {
            "name": "21050",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21050"
          },
          {
            "name": "11523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11523"
          },
          {
            "name": "gd-png-bo(17866)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17866"
          },
          {
            "name": "RHSA-2004:638",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
          },
          {
            "name": "DSA-602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-602"
          },
          {
            "name": "MDKSA-2006:113",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
          },
          {
            "name": "oval:org.mitre.oval:def:1260",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260"
          },
          {
            "name": "SUSE-SR:2006:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
          },
          {
            "name": "2004-0058",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0058"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-939"
          },
          {
            "name": "DSA-589",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-589"
          },
          {
            "name": "MDKSA-2006:114",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
          },
          {
            "name": "DSA-601",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-601"
          },
          {
            "name": "MDKSA-2004:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:132"
          },
          {
            "name": "18717",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18717"
          },
          {
            "name": "MDKSA-2006:122",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
          },
          {
            "name": "USN-25-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-25-1/"
          },
          {
            "name": "oval:org.mitre.oval:def:9952",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952"
          },
          {
            "name": "20041026 libgd integer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109882489302099\u0026w=2"
          },
          {
            "name": "USN-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-11-1/"
          },
          {
            "name": "20824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20824"
          },
          {
            "name": "DSA-591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-591"
          },
          {
            "name": "20866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20866"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "P-071",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
        },
        {
          "name": "23783",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23783"
        },
        {
          "name": "11190",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11190"
        },
        {
          "name": "21050",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21050"
        },
        {
          "name": "11523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11523"
        },
        {
          "name": "gd-png-bo(17866)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17866"
        },
        {
          "name": "RHSA-2004:638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
        },
        {
          "name": "DSA-602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-602"
        },
        {
          "name": "MDKSA-2006:113",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
        },
        {
          "name": "oval:org.mitre.oval:def:1260",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260"
        },
        {
          "name": "SUSE-SR:2006:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
        },
        {
          "name": "2004-0058",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0058"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-939"
        },
        {
          "name": "DSA-589",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-589"
        },
        {
          "name": "MDKSA-2006:114",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
        },
        {
          "name": "DSA-601",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-601"
        },
        {
          "name": "MDKSA-2004:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:132"
        },
        {
          "name": "18717",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18717"
        },
        {
          "name": "MDKSA-2006:122",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
        },
        {
          "name": "USN-25-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-25-1/"
        },
        {
          "name": "oval:org.mitre.oval:def:9952",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952"
        },
        {
          "name": "20041026 libgd integer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109882489302099\u0026w=2"
        },
        {
          "name": "USN-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-11-1/"
        },
        {
          "name": "20824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20824"
        },
        {
          "name": "DSA-591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-591"
        },
        {
          "name": "20866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20866"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "P-071",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
            },
            {
              "name": "23783",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23783"
            },
            {
              "name": "11190",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11190"
            },
            {
              "name": "21050",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21050"
            },
            {
              "name": "11523",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11523"
            },
            {
              "name": "gd-png-bo(17866)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17866"
            },
            {
              "name": "RHSA-2004:638",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
            },
            {
              "name": "DSA-602",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-602"
            },
            {
              "name": "MDKSA-2006:113",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
            },
            {
              "name": "oval:org.mitre.oval:def:1260",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260"
            },
            {
              "name": "SUSE-SR:2006:003",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
            },
            {
              "name": "2004-0058",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0058"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-939",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-939"
            },
            {
              "name": "DSA-589",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-589"
            },
            {
              "name": "MDKSA-2006:114",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
            },
            {
              "name": "DSA-601",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-601"
            },
            {
              "name": "MDKSA-2004:132",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:132"
            },
            {
              "name": "18717",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18717"
            },
            {
              "name": "MDKSA-2006:122",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
            },
            {
              "name": "USN-25-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-25-1/"
            },
            {
              "name": "oval:org.mitre.oval:def:9952",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952"
            },
            {
              "name": "20041026 libgd integer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109882489302099\u0026w=2"
            },
            {
              "name": "USN-11-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-11-1/"
            },
            {
              "name": "20824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20824"
            },
            {
              "name": "DSA-591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-591"
            },
            {
              "name": "20866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20866"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0990",
    "datePublished": "2004-10-28T04:00:00",
    "dateReserved": "2004-10-27T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3478
Vulnerability from cvelistv5
Published
2007-06-28 18:00
Modified
2024-08-07 14:21
Severity ?
Summary
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
References
http://www.trustix.org/errata/2007/0024/vendor-advisory, x_refsource_TRUSTIX
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164vendor-advisory, x_refsource_MANDRIVA
http://bugs.libgd.org/?do=details&task_id=48x_refsource_CONFIRM
http://www.libgd.org/ReleaseNote020035x_refsource_MISC
http://secunia.com/advisories/26415third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1643x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=277421x_refsource_CONFIRM
http://secunia.com/advisories/25855third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200805-13.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/478796/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/26467third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42813third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200708-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30168third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0022vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2336vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26663third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/26856third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26272third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xmlvendor-advisory, x_refsource_GENTOO
http://osvdb.org/37740vdb-entry, x_refsource_OSVDB
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.htmlvendor-advisory, x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/26766third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26390third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_15_sr.htmlvendor-advisory, x_refsource_SUSE
http://bugs.php.net/bug.php?id=40578x_refsource_MISC
http://fedoranews.org/updates/FEDORA-2007-205.shtmlvendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:35.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2007-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0024/"
          },
          {
            "name": "MDKSA-2007:164",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.libgd.org/?do=details\u0026task_id=48"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.libgd.org/ReleaseNote020035"
          },
          {
            "name": "26415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26415"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1643"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
          },
          {
            "name": "25855",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25855"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "20070907 FLEA-2007-0052-1 gd",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
          },
          {
            "name": "26467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26467"
          },
          {
            "name": "42813",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42813"
          },
          {
            "name": "GLSA-200708-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "FEDORA-2007-692",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
          },
          {
            "name": "ADV-2011-0022",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0022"
          },
          {
            "name": "ADV-2007-2336",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2336"
          },
          {
            "name": "26663",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26663"
          },
          {
            "name": "FEDORA-2010-19033",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
          },
          {
            "name": "26856",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26856"
          },
          {
            "name": "26272",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26272"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "37740",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37740"
          },
          {
            "name": "FEDORA-2010-19022",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
          },
          {
            "name": "MDKSA-2007:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
          },
          {
            "name": "26766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26766"
          },
          {
            "name": "26390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26390"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.php.net/bug.php?id=40578"
          },
          {
            "name": "FEDORA-2007-2055",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2007-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0024/"
        },
        {
          "name": "MDKSA-2007:164",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.libgd.org/?do=details\u0026task_id=48"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.libgd.org/ReleaseNote020035"
        },
        {
          "name": "26415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26415"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1643"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
        },
        {
          "name": "25855",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25855"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "20070907 FLEA-2007-0052-1 gd",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
        },
        {
          "name": "26467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26467"
        },
        {
          "name": "42813",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42813"
        },
        {
          "name": "GLSA-200708-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "FEDORA-2007-692",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
        },
        {
          "name": "ADV-2011-0022",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0022"
        },
        {
          "name": "ADV-2007-2336",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2336"
        },
        {
          "name": "26663",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26663"
        },
        {
          "name": "FEDORA-2010-19033",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
        },
        {
          "name": "26856",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26856"
        },
        {
          "name": "26272",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26272"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "37740",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37740"
        },
        {
          "name": "FEDORA-2010-19022",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
        },
        {
          "name": "MDKSA-2007:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
        },
        {
          "name": "26766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26766"
        },
        {
          "name": "26390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26390"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.php.net/bug.php?id=40578"
        },
        {
          "name": "FEDORA-2007-2055",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2007-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0024/"
            },
            {
              "name": "MDKSA-2007:164",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
            },
            {
              "name": "http://bugs.libgd.org/?do=details\u0026task_id=48",
              "refsource": "CONFIRM",
              "url": "http://bugs.libgd.org/?do=details\u0026task_id=48"
            },
            {
              "name": "http://www.libgd.org/ReleaseNote020035",
              "refsource": "MISC",
              "url": "http://www.libgd.org/ReleaseNote020035"
            },
            {
              "name": "26415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26415"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1643",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1643"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
            },
            {
              "name": "25855",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25855"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "20070907 FLEA-2007-0052-1 gd",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
            },
            {
              "name": "26467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26467"
            },
            {
              "name": "42813",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42813"
            },
            {
              "name": "GLSA-200708-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "FEDORA-2007-692",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
            },
            {
              "name": "ADV-2011-0022",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0022"
            },
            {
              "name": "ADV-2007-2336",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2336"
            },
            {
              "name": "26663",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26663"
            },
            {
              "name": "FEDORA-2010-19033",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
            },
            {
              "name": "26856",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26856"
            },
            {
              "name": "26272",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26272"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "37740",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37740"
            },
            {
              "name": "FEDORA-2010-19022",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
            },
            {
              "name": "MDKSA-2007:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
            },
            {
              "name": "26766",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26766"
            },
            {
              "name": "26390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26390"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            },
            {
              "name": "http://bugs.php.net/bug.php?id=40578",
              "refsource": "MISC",
              "url": "http://bugs.php.net/bug.php?id=40578"
            },
            {
              "name": "FEDORA-2007-2055",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3478",
    "datePublished": "2007-06-28T18:00:00",
    "dateReserved": "2007-06-28T00:00:00",
    "dateUpdated": "2024-08-07T14:21:35.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3476
Vulnerability from cvelistv5
Published
2007-06-28 18:00
Modified
2024-08-07 14:21
Severity ?
Summary
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
References
http://osvdb.org/37741vdb-entry, x_refsource_OSVDB
http://bugs.libgd.org/?do=details&task_id=87x_refsource_CONFIRM
http://www.trustix.org/errata/2007/0024/vendor-advisory, x_refsource_TRUSTIX
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/29157third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1613vendor-advisory, x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348vdb-entry, signature, x_refsource_OVAL
http://www.libgd.org/ReleaseNote020035x_refsource_MISC
http://secunia.com/advisories/26415third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1643x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=277421x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200805-13.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/478796/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/26467third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31168third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42813third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200708-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30168third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0022vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/25860third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26663third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/26856third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26272third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0146.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.htmlvendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/24651vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/26766third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26390third-party-advisory, x_refsource_SECUNIA
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgzx_refsource_CONFIRM
http://www.novell.com/linux/security/advisories/2007_15_sr.htmlvendor-advisory, x_refsource_SUSE
http://fedoranews.org/updates/FEDORA-2007-205.shtmlvendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:35.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37741",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37741"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.libgd.org/?do=details\u0026task_id=87"
          },
          {
            "name": "2007-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0024/"
          },
          {
            "name": "MDKSA-2007:164",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
          },
          {
            "name": "29157",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29157"
          },
          {
            "name": "DSA-1613",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1613"
          },
          {
            "name": "oval:org.mitre.oval:def:10348",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.libgd.org/ReleaseNote020035"
          },
          {
            "name": "26415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26415"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1643"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "20070907 FLEA-2007-0052-1 gd",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
          },
          {
            "name": "26467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26467"
          },
          {
            "name": "31168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31168"
          },
          {
            "name": "42813",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42813"
          },
          {
            "name": "GLSA-200708-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "FEDORA-2007-692",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
          },
          {
            "name": "ADV-2011-0022",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0022"
          },
          {
            "name": "25860",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25860"
          },
          {
            "name": "26663",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26663"
          },
          {
            "name": "FEDORA-2010-19033",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
          },
          {
            "name": "26856",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26856"
          },
          {
            "name": "26272",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26272"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "RHSA-2008:0146",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
          },
          {
            "name": "FEDORA-2010-19022",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
          },
          {
            "name": "24651",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24651"
          },
          {
            "name": "MDKSA-2007:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
          },
          {
            "name": "26766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26766"
          },
          {
            "name": "26390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26390"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "name": "FEDORA-2007-2055",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37741",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37741"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.libgd.org/?do=details\u0026task_id=87"
        },
        {
          "name": "2007-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0024/"
        },
        {
          "name": "MDKSA-2007:164",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
        },
        {
          "name": "29157",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29157"
        },
        {
          "name": "DSA-1613",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1613"
        },
        {
          "name": "oval:org.mitre.oval:def:10348",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.libgd.org/ReleaseNote020035"
        },
        {
          "name": "26415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26415"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1643"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "20070907 FLEA-2007-0052-1 gd",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
        },
        {
          "name": "26467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26467"
        },
        {
          "name": "31168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31168"
        },
        {
          "name": "42813",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42813"
        },
        {
          "name": "GLSA-200708-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "FEDORA-2007-692",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
        },
        {
          "name": "ADV-2011-0022",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0022"
        },
        {
          "name": "25860",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25860"
        },
        {
          "name": "26663",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26663"
        },
        {
          "name": "FEDORA-2010-19033",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
        },
        {
          "name": "26856",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26856"
        },
        {
          "name": "26272",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26272"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "RHSA-2008:0146",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
        },
        {
          "name": "FEDORA-2010-19022",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
        },
        {
          "name": "24651",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24651"
        },
        {
          "name": "MDKSA-2007:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
        },
        {
          "name": "26766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26766"
        },
        {
          "name": "26390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26390"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        },
        {
          "name": "FEDORA-2007-2055",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37741",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37741"
            },
            {
              "name": "http://bugs.libgd.org/?do=details\u0026task_id=87",
              "refsource": "CONFIRM",
              "url": "http://bugs.libgd.org/?do=details\u0026task_id=87"
            },
            {
              "name": "2007-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0024/"
            },
            {
              "name": "MDKSA-2007:164",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
            },
            {
              "name": "29157",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29157"
            },
            {
              "name": "DSA-1613",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1613"
            },
            {
              "name": "oval:org.mitre.oval:def:10348",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348"
            },
            {
              "name": "http://www.libgd.org/ReleaseNote020035",
              "refsource": "MISC",
              "url": "http://www.libgd.org/ReleaseNote020035"
            },
            {
              "name": "26415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26415"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1643",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1643"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "20070907 FLEA-2007-0052-1 gd",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
            },
            {
              "name": "26467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26467"
            },
            {
              "name": "31168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31168"
            },
            {
              "name": "42813",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42813"
            },
            {
              "name": "GLSA-200708-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "FEDORA-2007-692",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
            },
            {
              "name": "ADV-2011-0022",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0022"
            },
            {
              "name": "25860",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25860"
            },
            {
              "name": "26663",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26663"
            },
            {
              "name": "FEDORA-2010-19033",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
            },
            {
              "name": "26856",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26856"
            },
            {
              "name": "26272",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26272"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "RHSA-2008:0146",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
            },
            {
              "name": "FEDORA-2010-19022",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
            },
            {
              "name": "24651",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24651"
            },
            {
              "name": "MDKSA-2007:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
            },
            {
              "name": "26766",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26766"
            },
            {
              "name": "26390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26390"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            },
            {
              "name": "FEDORA-2007-2055",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3476",
    "datePublished": "2007-06-28T18:00:00",
    "dateReserved": "2007-06-28T00:00:00",
    "dateUpdated": "2024-08-07T14:21:35.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3475
Vulnerability from cvelistv5
Published
2007-06-28 18:00
Modified
2024-08-07 14:21
Severity ?
Summary
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
References
http://www.trustix.org/errata/2007/0024/vendor-advisory, x_refsource_TRUSTIX
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/29157third-party-advisory, x_refsource_SECUNIA
http://www.libgd.org/ReleaseNote020035x_refsource_MISC
http://secunia.com/advisories/26415third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1643x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=277421x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200805-13.xmlvendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728vdb-entry, signature, x_refsource_OVAL
http://bugs.libgd.org/?do=details&task_id=70x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/478796/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/26467third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42813third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200708-05.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/30168third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0022vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/25860third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26663third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/26856third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26272third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0146.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.htmlvendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/24651vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/26766third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26390third-party-advisory, x_refsource_SECUNIA
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgzx_refsource_CONFIRM
http://www.novell.com/linux/security/advisories/2007_15_sr.htmlvendor-advisory, x_refsource_SUSE
http://fedoranews.org/updates/FEDORA-2007-205.shtmlvendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:35.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2007-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0024/"
          },
          {
            "name": "MDKSA-2007:164",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
          },
          {
            "name": "29157",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29157"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.libgd.org/ReleaseNote020035"
          },
          {
            "name": "26415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26415"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1643"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:9728",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.libgd.org/?do=details\u0026task_id=70"
          },
          {
            "name": "20070907 FLEA-2007-0052-1 gd",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
          },
          {
            "name": "26467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26467"
          },
          {
            "name": "42813",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42813"
          },
          {
            "name": "GLSA-200708-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "FEDORA-2007-692",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
          },
          {
            "name": "ADV-2011-0022",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0022"
          },
          {
            "name": "25860",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25860"
          },
          {
            "name": "26663",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26663"
          },
          {
            "name": "FEDORA-2010-19033",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
          },
          {
            "name": "26856",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26856"
          },
          {
            "name": "26272",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26272"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "RHSA-2008:0146",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
          },
          {
            "name": "FEDORA-2010-19022",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
          },
          {
            "name": "24651",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24651"
          },
          {
            "name": "MDKSA-2007:153",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
          },
          {
            "name": "26766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26766"
          },
          {
            "name": "26390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26390"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "name": "FEDORA-2007-2055",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2007-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0024/"
        },
        {
          "name": "MDKSA-2007:164",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
        },
        {
          "name": "29157",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29157"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.libgd.org/ReleaseNote020035"
        },
        {
          "name": "26415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26415"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1643"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:9728",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.libgd.org/?do=details\u0026task_id=70"
        },
        {
          "name": "20070907 FLEA-2007-0052-1 gd",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
        },
        {
          "name": "26467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26467"
        },
        {
          "name": "42813",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42813"
        },
        {
          "name": "GLSA-200708-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "FEDORA-2007-692",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
        },
        {
          "name": "ADV-2011-0022",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0022"
        },
        {
          "name": "25860",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25860"
        },
        {
          "name": "26663",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26663"
        },
        {
          "name": "FEDORA-2010-19033",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
        },
        {
          "name": "26856",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26856"
        },
        {
          "name": "26272",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26272"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "RHSA-2008:0146",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
        },
        {
          "name": "FEDORA-2010-19022",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
        },
        {
          "name": "24651",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24651"
        },
        {
          "name": "MDKSA-2007:153",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
        },
        {
          "name": "26766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26766"
        },
        {
          "name": "26390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26390"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        },
        {
          "name": "FEDORA-2007-2055",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2007-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0024/"
            },
            {
              "name": "MDKSA-2007:164",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
            },
            {
              "name": "29157",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29157"
            },
            {
              "name": "http://www.libgd.org/ReleaseNote020035",
              "refsource": "MISC",
              "url": "http://www.libgd.org/ReleaseNote020035"
            },
            {
              "name": "26415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26415"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1643",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1643"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9728",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
            },
            {
              "name": "http://bugs.libgd.org/?do=details\u0026task_id=70",
              "refsource": "CONFIRM",
              "url": "http://bugs.libgd.org/?do=details\u0026task_id=70"
            },
            {
              "name": "20070907 FLEA-2007-0052-1 gd",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
            },
            {
              "name": "26467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26467"
            },
            {
              "name": "42813",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42813"
            },
            {
              "name": "GLSA-200708-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "FEDORA-2007-692",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
            },
            {
              "name": "ADV-2011-0022",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0022"
            },
            {
              "name": "25860",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25860"
            },
            {
              "name": "26663",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26663"
            },
            {
              "name": "FEDORA-2010-19033",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
            },
            {
              "name": "26856",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26856"
            },
            {
              "name": "26272",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26272"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "RHSA-2008:0146",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
            },
            {
              "name": "FEDORA-2010-19022",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
            },
            {
              "name": "24651",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24651"
            },
            {
              "name": "MDKSA-2007:153",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
            },
            {
              "name": "26766",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26766"
            },
            {
              "name": "26390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26390"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            },
            {
              "name": "FEDORA-2007-2055",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3475",
    "datePublished": "2007-06-28T18:00:00",
    "dateReserved": "2007-06-28T00:00:00",
    "dateUpdated": "2024-08-07T14:21:35.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-06-28 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
References
cve@mitre.orgftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
cve@mitre.orghttp://bugs.libgd.org/?do=details&task_id=87
cve@mitre.orghttp://fedoranews.org/updates/FEDORA-2007-205.shtml
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
cve@mitre.orghttp://osvdb.org/37741
cve@mitre.orghttp://secunia.com/advisories/25860
cve@mitre.orghttp://secunia.com/advisories/26272
cve@mitre.orghttp://secunia.com/advisories/26390
cve@mitre.orghttp://secunia.com/advisories/26415
cve@mitre.orghttp://secunia.com/advisories/26467
cve@mitre.orghttp://secunia.com/advisories/26663
cve@mitre.orghttp://secunia.com/advisories/26766
cve@mitre.orghttp://secunia.com/advisories/26856
cve@mitre.orghttp://secunia.com/advisories/29157
cve@mitre.orghttp://secunia.com/advisories/30168
cve@mitre.orghttp://secunia.com/advisories/31168
cve@mitre.orghttp://secunia.com/advisories/42813
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200708-05.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-34.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-13.xml
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1613
cve@mitre.orghttp://www.libgd.org/ReleaseNote020035Patch
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:153
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:164
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.orghttp://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0146.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/478796/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/24651
cve@mitre.orghttp://www.trustix.org/errata/2007/0024/
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0022
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=277421
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1643
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
af854a3a-2127-422b-91ae-364da2661108http://bugs.libgd.org/?do=details&task_id=87
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA-2007-205.shtml
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37741
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25860
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26272
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26390
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26415
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26467
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26663
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26766
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26856
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29157
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30168
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31168
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42813
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200708-05.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-34.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-13.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1613
af854a3a-2127-422b-91ae-364da2661108http://www.libgd.org/ReleaseNote020035Patch
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0146.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/478796/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24651
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2007/0024/
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0022
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=277421
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1643
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348
Impacted products
Vendor Product Version
gd_graphics_library gdlib *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F87073-B7D4-4386-8171-A2076BC10586",
              "versionEndIncluding": "2.0.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault."
    },
    {
      "lang": "es",
      "value": "Error de \u00edndice de array en gd_gif_in.c de la librer\u00eda gr\u00e1fica GD (libgd) anterior a 2.0.35 permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda y corrupci\u00f3n del mont\u00edculo) mediante valores de \u00edndice de color grandes en datos de imagen manipulados, lo cual resulta en un fallo de segmentaci\u00f3n."
    }
  ],
  "id": "CVE-2007-3476",
  "lastModified": "2024-11-21T00:33:20.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-28T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.libgd.org/?do=details\u0026task_id=87"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37741"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25860"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26415"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26766"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1613"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.libgd.org/ReleaseNote020035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24651"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0024/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0022"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1643"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.libgd.org/?do=details\u0026task_id=87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.libgd.org/ReleaseNote020035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0024/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3476\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-09-05T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
References
cve@mitre.orghttp://secunia.com/advisories/13179/
cve@mitre.orghttp://secunia.com/advisories/18686
cve@mitre.orghttp://secunia.com/advisories/20824
cve@mitre.orghttp://secunia.com/advisories/21050
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/p-071.shtml
cve@mitre.orghttp://www.debian.org/security/2004/dsa-601
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:113
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:114
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:122
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-638.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0194.html
cve@mitre.orghttp://www.securityfocus.com/bid/11663Patch, Vendor Advisory
cve@mitre.orghttp://www.trustix.org/errata/2004/0058Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18048
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195
cve@mitre.orghttps://www.ubuntu.com/usn/usn-25-1/
cve@mitre.orghttps://www.ubuntu.com/usn/usn-33-1/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13179/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18686
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20824
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21050
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/p-071.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-601
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:114
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-638.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0194.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11663Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2004/0058Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18048
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195
af854a3a-2127-422b-91ae-364da2661108https://www.ubuntu.com/usn/usn-25-1/
af854a3a-2127-422b-91ae-364da2661108https://www.ubuntu.com/usn/usn-33-1/
Impacted products
Vendor Product Version
gd_graphics_library gdlib 1.8.4
gd_graphics_library gdlib 2.0.1
gd_graphics_library gdlib 2.0.20
gd_graphics_library gdlib 2.0.21
gd_graphics_library gdlib 2.0.22
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.26
gd_graphics_library gdlib 2.0.27
gd_graphics_library gdlib 2.0.28
gd_graphics_library gdlib 2.0.33
trustix secure_linux 1.5
trustix secure_linux 2.0
trustix secure_linux 2.1
trustix secure_linux 2.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AA5406-7E6C-433F-939B-4711AB522D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FAFA235-A874-4B02-AA86-0855DD8358C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BA0DAF-879D-4430-8C15-1D8C3BE9EF62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "674E6FF2-6DF7-4ED2-AE73-82D6AF2ED44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C59CA2B-A83F-44BC-9051-B7AE6A6CDA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C23FAB0-4CA9-4757-B4D2-ED1408C3C4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E27C04A-12C2-41FB-9BBC-27D72CF12B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3309A73-CD90-47AC-93FA-6013DD4D9F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A498FA34-E868-4352-A02C-ED2D5106A56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C24C13E-E369-47E9-BF6F-3EC9F2D3FCC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990."
    }
  ],
  "id": "CVE-2004-0941",
  "lastModified": "2024-11-20T23:49:44.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-09T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13179/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18686"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20824"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21050"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0194.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11663"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.trustix.org/errata/2004/0058"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18048"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-25-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-33-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13179/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0194.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.trustix.org/errata/2004/0058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-25-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-33-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-06-28 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
References
cve@mitre.orgftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
cve@mitre.orghttp://bugs.libgd.org/?do=details&task_id=70
cve@mitre.orghttp://fedoranews.org/updates/FEDORA-2007-205.shtml
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
cve@mitre.orghttp://secunia.com/advisories/25860
cve@mitre.orghttp://secunia.com/advisories/26272
cve@mitre.orghttp://secunia.com/advisories/26390
cve@mitre.orghttp://secunia.com/advisories/26415
cve@mitre.orghttp://secunia.com/advisories/26467
cve@mitre.orghttp://secunia.com/advisories/26663
cve@mitre.orghttp://secunia.com/advisories/26766
cve@mitre.orghttp://secunia.com/advisories/26856
cve@mitre.orghttp://secunia.com/advisories/29157
cve@mitre.orghttp://secunia.com/advisories/30168
cve@mitre.orghttp://secunia.com/advisories/42813
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200708-05.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-34.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-13.xml
cve@mitre.orghttp://www.libgd.org/ReleaseNote020035Patch
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:153
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:164
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.orghttp://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0146.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/478796/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/24651
cve@mitre.orghttp://www.trustix.org/errata/2007/0024/
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0022
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=277421
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1643
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
af854a3a-2127-422b-91ae-364da2661108http://bugs.libgd.org/?do=details&task_id=70
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA-2007-205.shtml
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25860
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26272
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26390
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26415
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26467
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26663
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26766
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26856
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29157
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30168
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42813
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200708-05.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-34.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-13.xml
af854a3a-2127-422b-91ae-364da2661108http://www.libgd.org/ReleaseNote020035Patch
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0146.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/478796/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24651
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2007/0024/
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0022
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=277421
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1643
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728
Impacted products
Vendor Product Version
gd_graphics_library gdlib *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F87073-B7D4-4386-8171-A2076BC10586",
              "versionEndIncluding": "2.0.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map."
    },
    {
      "lang": "es",
      "value": "GD Graphics Library (libgd) anterior a 2.0.35 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una imagen GIF que no tiene color global de mapa."
    }
  ],
  "id": "CVE-2007-3475",
  "lastModified": "2024-11-21T00:33:20.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-28T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.libgd.org/?do=details\u0026task_id=70"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25860"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26415"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26766"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.libgd.org/ReleaseNote020035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24651"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0024/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0022"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1643"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.libgd.org/?do=details\u0026task_id=70"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.libgd.org/ReleaseNote020035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0024/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3475\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-09-05T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-06-28 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
References
cve@mitre.orghttp://bugs.libgd.org/?do=details&task_id=48
cve@mitre.orghttp://bugs.php.net/bug.php?id=40578
cve@mitre.orghttp://fedoranews.org/updates/FEDORA-2007-205.shtml
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
cve@mitre.orghttp://osvdb.org/37740
cve@mitre.orghttp://secunia.com/advisories/25855Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26272
cve@mitre.orghttp://secunia.com/advisories/26390
cve@mitre.orghttp://secunia.com/advisories/26415
cve@mitre.orghttp://secunia.com/advisories/26467
cve@mitre.orghttp://secunia.com/advisories/26663
cve@mitre.orghttp://secunia.com/advisories/26766
cve@mitre.orghttp://secunia.com/advisories/26856
cve@mitre.orghttp://secunia.com/advisories/30168
cve@mitre.orghttp://secunia.com/advisories/42813
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200708-05.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-34.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-13.xml
cve@mitre.orghttp://www.libgd.org/ReleaseNote020035
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:153
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:164
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.orghttp://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/478796/100/0/threaded
cve@mitre.orghttp://www.trustix.org/errata/2007/0024/
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2336
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0022
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=277421
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1643
af854a3a-2127-422b-91ae-364da2661108http://bugs.libgd.org/?do=details&task_id=48
af854a3a-2127-422b-91ae-364da2661108http://bugs.php.net/bug.php?id=40578
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/updates/FEDORA-2007-205.shtml
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37740
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25855Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26272
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26390
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26415
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26467
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26663
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26766
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26856
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30168
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42813
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200708-05.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-34.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-13.xml
af854a3a-2127-422b-91ae-364da2661108http://www.libgd.org/ReleaseNote020035
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/478796/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2007/0024/
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2336
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0022
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=277421
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1643
Impacted products
Vendor Product Version
gd_graphics_library gdlib *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F87073-B7D4-4386-8171-A2076BC10586",
              "versionEndIncluding": "2.0.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en gdImageStringFTEx (gdft_draw_bitmap) en gdft.c en GD Graphics Library (libgd) anterior a 2.0.35 permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante vectores no especificados, posiblemente implicando el soporte para fuentes truetype (TTF)."
    }
  ],
  "id": "CVE-2007-3478",
  "lastModified": "2024-11-21T00:33:20.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-28T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.libgd.org/?do=details\u0026task_id=48"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.php.net/bug.php?id=40578"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37740"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25855"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26415"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26766"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.libgd.org/ReleaseNote020035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0024/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0022"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.libgd.org/?do=details\u0026task_id=48"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.php.net/bug.php?id=40578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.libgd.org/ReleaseNote020035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0024/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1643"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "We currently do not plan to backport a fix for this issue to gd packages in current versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5 due to the low likelihood of and application affected by this problem being exposed in a way that would allow trust boundary to be crossed.",
      "lastModified": "2008-02-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-03-01 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
References
cve@mitre.orghttp://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109882489302099&w=2
cve@mitre.orghttp://secunia.com/advisories/18717
cve@mitre.orghttp://secunia.com/advisories/20824
cve@mitre.orghttp://secunia.com/advisories/20866
cve@mitre.orghttp://secunia.com/advisories/21050
cve@mitre.orghttp://secunia.com/advisories/23783
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/p-071.shtml
cve@mitre.orghttp://www.debian.org/security/2004/dsa-589
cve@mitre.orghttp://www.debian.org/security/2004/dsa-591
cve@mitre.orghttp://www.debian.org/security/2004/dsa-601
cve@mitre.orghttp://www.debian.org/security/2004/dsa-602
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:132
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:113
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:114
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:122
cve@mitre.orghttp://www.osvdb.org/11190
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-638.html
cve@mitre.orghttp://www.securityfocus.com/bid/11523Patch, Vendor Advisory
cve@mitre.orghttp://www.trustix.org/errata/2004/0058
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17866
cve@mitre.orghttps://issues.rpath.com/browse/RPL-939
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952
cve@mitre.orghttps://www.ubuntu.com/usn/usn-11-1/
cve@mitre.orghttps://www.ubuntu.com/usn/usn-25-1/
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109882489302099&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18717
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20824
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20866
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21050
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23783
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/p-071.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-589
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-591
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-601
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-602
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:132
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:114
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/11190
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-638.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11523Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2004/0058
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17866
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-939
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952
af854a3a-2127-422b-91ae-364da2661108https://www.ubuntu.com/usn/usn-11-1/
af854a3a-2127-422b-91ae-364da2661108https://www.ubuntu.com/usn/usn-25-1/
Impacted products
Vendor Product Version
gd_graphics_library gdlib 1.8.4
gd_graphics_library gdlib 2.0.1
gd_graphics_library gdlib 2.0.15
gd_graphics_library gdlib 2.0.20
gd_graphics_library gdlib 2.0.21
gd_graphics_library gdlib 2.0.22
gd_graphics_library gdlib 2.0.23
gd_graphics_library gdlib 2.0.26
gd_graphics_library gdlib 2.0.27
gd_graphics_library gdlib 2.0.28
openpkg openpkg 2.1
openpkg openpkg 2.2
openpkg openpkg current
gentoo linux *
suse suse_linux 8.0
suse suse_linux 8.1
suse suse_linux 8.2
suse suse_linux 9.0
suse suse_linux 9.0
suse suse_linux 9.1
suse suse_linux 9.2
trustix secure_linux 1.5
trustix secure_linux 2.0
trustix secure_linux 2.1
trustix secure_linux 2.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AA5406-7E6C-433F-939B-4711AB522D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FAFA235-A874-4B02-AA86-0855DD8358C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C5225C7-E983-435F-8057-75BEAF7D4A30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BA0DAF-879D-4430-8C15-1D8C3BE9EF62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "674E6FF2-6DF7-4ED2-AE73-82D6AF2ED44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C59CA2B-A83F-44BC-9051-B7AE6A6CDA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C23FAB0-4CA9-4757-B4D2-ED1408C3C4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E27C04A-12C2-41FB-9BBC-27D72CF12B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3309A73-CD90-47AC-93FA-6013DD4D9F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "A498FA34-E868-4352-A02C-ED2D5106A56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37042CDE-E4FE-442E-891A-CD84433D36E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F6E348-01DF-4FA4-808E-39A2A7A2B97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941."
    }
  ],
  "id": "CVE-2004-0990",
  "lastModified": "2024-11-20T23:49:50.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-03-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109882489302099\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18717"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20824"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20866"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21050"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23783"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-589"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-591"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-602"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:132"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/11190"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11523"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2004/0058"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17866"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-939"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-11-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-25-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109882489302099\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/p-071.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/11190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-638.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2004/0058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-11-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-25-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}