Lucene search

K

[email protected]CVE-2007-3472

HistoryJun 28, 2007 - 6:30 p.m.

CVE-2007-3472

2007-06-2818:30:00

CWE-189

[email protected]

web.nvd.nist.gov

35

cve-2007-3472

integer overflow

gdimagecreatetruecolor

gd graphics library

libgd

remote attackers

nvd

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.6%

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

CPENameOperatorVersion
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.34
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.33
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.35

References

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz

bugs.libgd.org/?do=details&task_id=89

fedoranews.org/updates/FEDORA-2007-205.shtml

lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html

osvdb.org/37745

secunia.com/advisories/25855

secunia.com/advisories/25860

secunia.com/advisories/26272

secunia.com/advisories/26390

secunia.com/advisories/26415

secunia.com/advisories/26467

secunia.com/advisories/26663

secunia.com/advisories/26766

secunia.com/advisories/26856

secunia.com/advisories/29157

secunia.com/advisories/30168

secunia.com/advisories/42813

security.gentoo.org/glsa/glsa-200708-05.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

www.libgd.org/ReleaseNote020035

www.mandriva.com/security/advisories?name=MDKSA-2007:153

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.novell.com/linux/security/advisories/2007_15_sr.html

www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html

www.redhat.com/support/errata/RHSA-2008-0146.html

www.securityfocus.com/archive/1/478796/100/0/threaded

www.securityfocus.com/bid/24651

www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/

www.trustix.org/errata/2007/0024/

www.vupen.com/english/advisories/2007/2336

www.vupen.com/english/advisories/2011/0022

bugzilla.redhat.com/show_bug.cgi?id=277421

exchange.xforce.ibmcloud.com/vulnerabilities/35108

issues.rpath.com/browse/RPL-1643

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.6%

Related for CVE-2007-3472

prion1 debiancve1 ubuntucve1 openvas31 nessus22 securityvulns2 redhat1 oraclelinux1 fedora1 centos1 freebsd2 gentoo1 amazon1 archlinux1 slackware1 kitploit1