Lucene search

[email protected]CVE-2007-2756

HistoryMay 18, 2007 - 6:30 p.m.

CVE-2007-2756

2007-05-1818:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2756

libgd

denial of service

cpu consumption

png image

libpng

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.058 Low

EPSS

Percentile

93.3%

JSON

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

CPENameOperatorVersion
libgd:libgdlibgdeq2.0.34

CPE	Name	Operator	Version
libgd:libgd	libgd	eq	2.0.34

References

bugs.libgd.org/?do=details&task_id=86

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html

osvdb.org/35788

osvdb.org/36643

rhn.redhat.com/errata/RHSA-2007-0889.html

secunia.com/advisories/25353

secunia.com/advisories/25362

secunia.com/advisories/25378

secunia.com/advisories/25535

secunia.com/advisories/25575

secunia.com/advisories/25590

secunia.com/advisories/25646

secunia.com/advisories/25657

secunia.com/advisories/25658

secunia.com/advisories/25787

secunia.com/advisories/25855

secunia.com/advisories/26048

secunia.com/advisories/26231

secunia.com/advisories/26390

secunia.com/advisories/26871

secunia.com/advisories/26895

secunia.com/advisories/26930

secunia.com/advisories/26967

secunia.com/advisories/27037

secunia.com/advisories/27102

secunia.com/advisories/27110

secunia.com/advisories/27545

secunia.com/advisories/29157

secunia.com/advisories/30168

security.gentoo.org/glsa/glsa-200708-05.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863

support.avaya.com/elmodocs2/security/ASA-2007-449.htm

www.gentoo.org/security/en/glsa/glsa-200710-02.xml

www.libgd.org/ReleaseNote020035

www.mandriva.com/security/advisories?name=MDKSA-2007:122

www.mandriva.com/security/advisories?name=MDKSA-2007:123

www.mandriva.com/security/advisories?name=MDKSA-2007:124

www.mandriva.com/security/advisories?name=MDKSA-2007:187

www.novell.com/linux/security/advisories/2007_13_sr.html

www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html

www.php.net/releases/5_2_3.php

www.redhat.com/support/errata/RHSA-2007-0890.html

www.redhat.com/support/errata/RHSA-2007-0891.html

www.redhat.com/support/errata/RHSA-2008-0146.html

www.securityfocus.com/bid/24089

www.securitytracker.com/id?1018187

www.trustix.org/errata/2007/0019/

www.trustix.org/errata/2007/0023/

www.ubuntu.com/usn/usn-473-1

www.vupen.com/english/advisories/2007/1904

www.vupen.com/english/advisories/2007/1905

www.vupen.com/english/advisories/2007/2016

www.vupen.com/english/advisories/2007/2336

www.vupen.com/english/advisories/2007/3386

exchange.xforce.ibmcloud.com/vulnerabilities/34420

issues.rpath.com/browse/RPL-1394

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10779

www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html

Social References

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.058 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2007-2756

openvas43 nessus32 ubuntucve1 prion1 securityvulns4 veracode1 debiancve1 ubuntu1 slackware2 osv1 fedora1 oraclelinux3 centos3 redhat4 gentoo2 amazon1 suse1 freebsd1 archlinux1 kitploit1