Lucene search

[email protected]CVE-2006-4484

HistoryAug 31, 2006 - 9:04 p.m.

CVE-2006-4484

2006-08-3121:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

php

gd extension

buffer overflow

cve-2006-4484

security vulnerability

nvd

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.317 Low

EPSS

Percentile

96.9%

JSON

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

CPENameOperatorVersion
php:phpphpeq5.1.2
php:phpphpeq5.1.1
php:phpphpeq5.1.4
php:phpphpeq5.1.0

CPE	Name	Operator	Version
php:php	php	eq	5.1.2
php:php	php	eq	5.1.1
php:php	php	eq	5.1.4
php:php	php	eq	5.1.0

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

bugs.php.net/bug.php?id=38112

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log

lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

rhn.redhat.com/errata/RHSA-2006-0688.html

secunia.com/advisories/21546

secunia.com/advisories/21768

secunia.com/advisories/21842

secunia.com/advisories/22039

secunia.com/advisories/22069

secunia.com/advisories/22225

secunia.com/advisories/22440

secunia.com/advisories/22487

secunia.com/advisories/22538

secunia.com/advisories/28768

secunia.com/advisories/28838

secunia.com/advisories/28845

secunia.com/advisories/28866

secunia.com/advisories/28959

secunia.com/advisories/29157

secunia.com/advisories/29242

secunia.com/advisories/29546

secunia.com/advisories/30717

securitytracker.com/id?1016984

support.avaya.com/elmodocs2/security/ASA-2006-222.htm

support.avaya.com/elmodocs2/security/ASA-2006-223.htm

wiki.rpath.com/Advisories:rPSA-2008-0046

wiki.rpath.com/wiki/Advisories:rPSA-2008-0046

www.mandriva.com/security/advisories?name=MDKSA-2006:162

www.mandriva.com/security/advisories?name=MDVSA-2008:038

www.mandriva.com/security/advisories?name=MDVSA-2008:077

www.novell.com/linux/security/advisories/2006_52_php.html

www.novell.com/linux/security/advisories/2008_13_sr.html

www.php.net/ChangeLog-5.php#5.1.5

www.php.net/release_5_1_5.php

www.redhat.com/support/errata/RHSA-2008-0146.html

www.securityfocus.com/archive/1/447866/100/0/threaded

www.securityfocus.com/archive/1/487683/100/0/threaded

www.securityfocus.com/archive/1/488008/100/0/threaded

www.securityfocus.com/bid/19582

www.turbolinux.com/security/2006/TLSA-2006-38.txt

www.ubuntu.com/usn/usn-342-1

www.vupen.com/english/advisories/2006/3318

bugzilla.redhat.com/show_bug.cgi?id=431568

issues.rpath.com/browse/RPL-2218

issues.rpath.com/browse/RPL-683

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004

www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.317 Low

EPSS

Percentile

96.9%

JSON

Related for CVE-2006-4484

nessus23 openvas27 debiancve5 fedora3 ubuntucve5 cve4 prion4 securityvulns1 gentoo1 ubuntu1 centos2 redhat3 oraclelinux3 freebsd1 suse1