Lucene search

MitreCVE-2007-3473

HistoryJun 28, 2007 - 6:30 p.m.

CVE-2007-3473

2007-06-2818:30:00

mitre

web.nvd.nist.gov

cve-2007-3473

gdimagecreatexbm

gd graphics library

libgd

denial of service

crash

remote attackers

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

High

EPSS

0.27

Percentile

96.8%

JSON

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

Affected configurations

Nvd

Node

libgdgd_graphics_libraryRange≤2.0.35_rc5

VendorProductVersionCPE
libgdgd_graphics_library*cpe:2.3:a:libgd:gd_graphics_library:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libgd	gd_graphics_library	*	cpe:2.3:a:libgd:gd_graphics_library::::::::

References

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz

bugs.libgd.org/?do=details&task_id=94

fedoranews.org/updates/FEDORA-2007-205.shtml

lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html

osvdb.org/37744

secunia.com/advisories/25855

secunia.com/advisories/25860

secunia.com/advisories/26272

secunia.com/advisories/26390

secunia.com/advisories/26415

secunia.com/advisories/26467

secunia.com/advisories/26663

secunia.com/advisories/26766

secunia.com/advisories/26856

secunia.com/advisories/29157

secunia.com/advisories/30168

secunia.com/advisories/42813

security.gentoo.org/glsa/glsa-200708-05.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

www.libgd.org/ReleaseNote020035

www.mandriva.com/security/advisories?name=MDKSA-2007:153

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html

www.redhat.com/support/errata/RHSA-2008-0146.html

www.securityfocus.com/archive/1/478796/100/0/threaded

www.securityfocus.com/bid/24651

www.trustix.org/errata/2007/0024/

www.vupen.com/english/advisories/2007/2336

www.vupen.com/english/advisories/2011/0022

bugzilla.redhat.com/show_bug.cgi?id=277421

exchange.xforce.ibmcloud.com/vulnerabilities/35109

issues.rpath.com/browse/RPL-1643

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

High

EPSS

0.27

Percentile

96.8%

JSON

Related for CVE-2007-3473