Lucene search

K

[email protected]CVE-2007-1001

HistoryApr 06, 2007 - 12:19 a.m.

CVE-2007-1001

2007-04-0600:19:00

CWE-189

[email protected]

web.nvd.nist.gov

47

cve-2007-1001

integer overflows

gd library

php

nvd

security vulnerability

arbitrary code execution

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

91.0%

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

CPENameOperatorVersion
php:phpphpeq4.3.9
php:phpphpeq4.0
php:phpphpeq5.1.5
php:phpphpeq5.1.2
php:phpphpeq4.2.0
php:phpphpeq5.1.1
php:phpphpeq4.4.4
php:phpphpeq5.0.0
php:phpphpeq4.1.0
php:phpphpeq5.1.6

Rows per page:

1-10 of 521

References

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup

docs.info.apple.com/article.html?artnum=306172

ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

rhn.redhat.com/errata/RHSA-2007-0155.html

secunia.com/advisories/24814

secunia.com/advisories/24909

secunia.com/advisories/24924

secunia.com/advisories/24945

secunia.com/advisories/24965

secunia.com/advisories/25056

secunia.com/advisories/25151

secunia.com/advisories/25445

secunia.com/advisories/26235

security.gentoo.org/glsa/glsa-200705-19.xml

us2.php.net/releases/4_4_7.php

us2.php.net/releases/5_2_2.php

www.mandriva.com/security/advisories?name=MDKSA-2007:087

www.mandriva.com/security/advisories?name=MDKSA-2007:088

www.mandriva.com/security/advisories?name=MDKSA-2007:089

www.mandriva.com/security/advisories?name=MDKSA-2007:090

www.novell.com/linux/security/advisories/2007_32_php.html

www.redhat.com/support/errata/RHSA-2007-0153.html

www.redhat.com/support/errata/RHSA-2007-0162.html

www.securityfocus.com/archive/1/464957/100/0/threaded

www.securityfocus.com/archive/1/466166/100/0/threaded

www.securityfocus.com/bid/23357

www.securityfocus.com/bid/25159

www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053

www.vupen.com/english/advisories/2007/1269

www.vupen.com/english/advisories/2007/2732

exchange.xforce.ibmcloud.com/vulnerabilities/33453

issues.rpath.com/browse/RPL-1268

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

91.0%

Related for CVE-2007-1001

prion1 debiancve1 openvas14 slackware1 ubuntucve1 nessus18 securityvulns2 veracode1 freebsd1 redhat3 centos2 fedora3 oraclelinux2 f52 gentoo1 suse1 seebug1