A buffer overflow was discovered in libgd2’s font renderer. By tricking
an application using libgd2 into rendering a specially crafted string
with a JIS encoded font, a remote attacker could read heap memory or
crash the application, leading to a denial of service. (CVE-2007-0455)
Xavier Roche discovered that libgd2 did not correctly validate PNG
callback results. If an application were tricked into processing a
specially crafted PNG image, it would monopolize CPU resources. Since
libgd2 is often used in PHP and Perl web applications, this could lead
to a remote denial of service. (CVE-2007-2756)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.04 | noarch | libgd2-xpm | < 2.0.34~rc1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 7.04 | noarch | libgd2-noxpm | < 2.0.34~rc1-2ubuntu1.1 | UNKNOWN |
Ubuntu | 6.10 | noarch | libgd2-xpm | < 2.0.33-4ubuntu2.1 | UNKNOWN |
Ubuntu | 6.10 | noarch | libgd2-noxpm | < 2.0.33-4ubuntu2.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | libgd2-xpm | < 2.0.33-2ubuntu5.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | libgd2-noxpm | < 2.0.33-2ubuntu5.2 | UNKNOWN |