ID CVE-2007-3477
Summary The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
References
Vulnerable Configurations
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.33
    cpe:2.3:a:libgd:gd_graphics_library:2.0.33
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.34
    cpe:2.3:a:libgd:gd_graphics_library:2.0.34
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1
    cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2
    cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1
    cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2
    cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3
    cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4
    cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4
  • cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc5
    cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc5
CVSS
Base: 5.0 (as of 01-07-2007 - 17:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1613.NASL
    description Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd. - CVE-2007-3476 An array indexing error in libgd's GIF handling could induce a denial of service (crash with heap corruption) if exceptionally large color index values are supplied in a maliciously crafted GIF image file. - CVE-2007-3477 The imagearc() and imagefilledarc() routines in libgd allow an attacker in control of the parameters used to specify the degrees of arc for those drawing functions to perform a denial of service attack (excessive CPU consumption). - CVE-2007-3996 Multiple integer overflows exist in libgd's image resizing and creation routines; these weaknesses allow an attacker in control of the parameters passed to those routines to induce a crash or execute arbitrary code with the privileges of the user running an application or interpreter linked against libgd2.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33552
    published 2008-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33552
    title Debian DSA-1613-1 : libgd2 - multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-854-1.NASL
    description Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2009-3546) It was discovered that the GD library did not properly handle incorrect color indexes. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-3293) It was discovered that the GD library did not properly handle certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3475, CVE-2007-3476) It was discovered that the GD library did not properly handle large angle degree values. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3477). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42407
    published 2009-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42407
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : libgd2 vulnerabilities (USN-854-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-120-01.NASL
    description New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-05-01
    plugin id 109432
    published 2018-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109432
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_PHP5-3978.NASL
    description This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27151
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27151
    title openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GD-3895.NASL
    description This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. (CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29440
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29440
    title SuSE 10 Security Update : gd (ZYPP Patch Number 3895)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-153.NASL
    description GD versions prior to 2.0.35 have a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) The security issues related to GIF image handling (CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476) do not affect Corporate 3.0, as the version of GD included in these versions does not include GIF support. Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 25875
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25875
    title Mandrake Linux Security Advisory : gd (MDKSA-2007:153)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CA139C7F2A8C11E5A4A5002590263BF5.NASL
    description Mitre reports : Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84782
    published 2015-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84782
    title FreeBSD : libwmf -- multiple vulnerabilities (ca139c7f-2a8c-11e5-a4a5-002590263bf5)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6E09999725D811DC878B000C29C5647F.NASL
    description gd had been reported vulnerable to several vulnerabilities : - CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. - CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. - CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. - CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. - CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. - CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. - CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 25633
    published 2007-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25633
    title FreeBSD : gd -- multiple vulnerabilities (6e099997-25d8-11dc-878b-000c29c5647f)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-164.NASL
    description Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25896
    published 2007-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25896
    title Mandrake Linux Security Advisory : tetex (MDKSA-2007:164)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_PHP5-3979.NASL
    description This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727, CVE-2007-2748, CVE-2007-2728, CVE-2007-3472 CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 CVE-2007-3799
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27152
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27152
    title openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-692.NASL
    description - Wed Sep 5 2007 Ivana Varekova - 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 26081
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26081
    title Fedora Core 6 : gd-2.0.35-1.fc6 (2007-692)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-05 (GD: Multiple vulnerabilities) Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file (CVE-2007-2756). An integer overflow has been discovered in the gdImageCreateTrueColor() function (CVE-2007-3472). An error has been discovered in the function gdImageCreateXbm() function (CVE-2007-3473). Unspecified vulnerabilities have been discovered in the GIF reader (CVE-2007-3474). An error has been discovered when processing a GIF image that has no global color map (CVE-2007-3475). An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index (CVE-2007-3476). An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values (CVE-2007-3477). A race condition has been discovered in the gdImageStringFTEx() function (CVE-2007-3478). Impact : A remote attacker could exploit one of these vulnerabilities to cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running GD. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25870
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25870
    title GLSA-200708-05 : GD: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-19033.NASL
    description - Mon Dec 6 2010 Caolan McNamara - 0.2.8.4-27 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51415
    published 2011-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51415
    title Fedora 14 : libwmf-0.2.8.4-27.fc14 (2010-19033)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GD-3896.NASL
    description This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications (CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27231
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27231
    title openSUSE 10 Security Update : gd (gd-3896)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-19022.NASL
    description - Mon Dec 6 2010 Caolan McNamara - 0.2.8.4-22 - Resolves: rhbz#660161 security issues Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51414
    published 2011-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51414
    title Fedora 13 : libwmf-0.2.8.4-22.fc13 (2010-19022)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11666.NASL
    description This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector (IV) in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications. This update covers CVE IDs CVE-2007-2727, CVE-2007-3472, CVE-2007-3475, CVE-2007-3476 CVE-2007-3477, CVE-2007-3478 and CVE-2007-3799.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41143
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41143
    title SuSE9 Security Update : PHP4 (YOU Patch Number 11666)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11578.NASL
    description This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. (CVE-2007-3472, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41138
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41138
    title SuSE9 Security Update : gd (YOU Patch Number 11578)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2055.NASL
    description - Wed Sep 5 2007 Ivana varekova 2.0.35-1 - update to 2.0.35 - fix several vulnerabilities #277421 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27748
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27748
    title Fedora 7 : gd-2.0.35-1.fc7 (2007-2055)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_PHP5-3980.NASL
    description This update fixes multiple bugs in php : - predictable generaton of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based applications - insufficient validation of parmeters in the substr_count function - predictable generaton of an initialization vector (IV) in the soap extension CVE-2007-2727 / CVE-2007-2748 / CVE-2007-2728 / CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478 / CVE-2007-3799
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29379
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29379
    title SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
refmap via4
bid 24651
bugtraq 20070907 FLEA-2007-0052-1 gd
confirm
debian DSA-1613
fedora
  • FEDORA-2007-2055
  • FEDORA-2007-692
  • FEDORA-2010-19022
  • FEDORA-2010-19033
gentoo
  • GLSA-200708-05
  • GLSA-200711-34
  • GLSA-200805-13
mandriva
  • MDKSA-2007:153
  • MDKSA-2007:164
misc http://www.libgd.org/ReleaseNote020035
osvdb 42062
secunia
  • 25860
  • 26272
  • 26390
  • 26415
  • 26467
  • 26663
  • 26766
  • 26856
  • 30168
  • 31168
  • 42813
suse SUSE-SR:2007:015
trustix 2007-0024
vupen ADV-2011-0022
statements via4
contributor Mark J Cox
lastmodified 2008-02-14
organization Red Hat
statement Due to the minimal impact of this flaw (temporary DoS by high CPU usage) and low likelihood of this problem being exposed in a way that would allow trust boundary crossing, we currently do not plan to backport a fix for this issue to the versions of gd as shipped in Red Hat Enterprise Linux 2.1, 3, 4 or 5.
Last major update 30-10-2012 - 22:38
Published 28-06-2007 - 14:30
Last modified 16-10-2018 - 12:50
Back to Top