Lucene search

[email protected]CVE-2007-3478

HistoryJun 28, 2007 - 6:30 p.m.

CVE-2007-3478

2007-06-2818:30:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2007-3478

race condition

gdimagestringftex

libgd

denial of service

crash

nvd

security

vulnerability

exploit

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.181 Low

EPSS

Percentile

96.2%

JSON

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

Affected configurations

NVD

Node

gd_graphics_librarygdlibRange≤2.0.34

CPENameOperatorVersion
gd_graphics_library:gdlibgd graphics library gdlible2.0.34

CPE	Name	Operator	Version
gd_graphics_library:gdlib	gd graphics library gdlib	le	2.0.34

References

bugs.libgd.org/?do=details&task_id=48

bugs.php.net/bug.php?id=40578

fedoranews.org/updates/FEDORA-2007-205.shtml

lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html

osvdb.org/37740

secunia.com/advisories/25855

secunia.com/advisories/26272

secunia.com/advisories/26390

secunia.com/advisories/26415

secunia.com/advisories/26467

secunia.com/advisories/26663

secunia.com/advisories/26766

secunia.com/advisories/26856

secunia.com/advisories/30168

secunia.com/advisories/42813

security.gentoo.org/glsa/glsa-200708-05.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

www.libgd.org/ReleaseNote020035

www.mandriva.com/security/advisories?name=MDKSA-2007:153

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.novell.com/linux/security/advisories/2007_15_sr.html

www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html

www.securityfocus.com/archive/1/478796/100/0/threaded

www.trustix.org/errata/2007/0024/

www.vupen.com/english/advisories/2007/2336

www.vupen.com/english/advisories/2011/0022

bugzilla.redhat.com/show_bug.cgi?id=277421

issues.rpath.com/browse/RPL-1643

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.181 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2007-3478

debiancve1 cvelist1 nvd1 prion1 ubuntucve1 nessus15 openvas22 freebsd1 securityvulns2 fedora1 gentoo1