Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1936-1
HistoryNov 17, 2009 - 12:00 a.m.

libgd2 - several vulnerabilities

2009-11-1700:00:00
Google
osv.dev
7

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

92.5%

JSON

Several vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-0455
    Kees Cook discovered a buffer overflow in libgd2’s font renderer. An
    attacker could cause denial of service (application crash) and
    possibly execute arbitrary code via a crafted string with a JIS
    encoded font. This issue only affects the oldstable distribution
    (etch).
  • CVE-2009-3546
    Tomas Hoger discovered a boundary error in the “_gdGetColors()”
    function. An attacker could conduct a buffer overflow or buffer
    over-read attacks via a crafted GD file.

For the oldstable distribution (etch), these problems have been fixed in
version 2.0.33-5.2etch2.

For the stable distribution (lenny), these problems have been fixed in
version 2.0.36~rc1~dfsg-3+lenny1.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
2.0.36~rc1~dfsg-3.1.

We recommend that you upgrade your libgd2 packages.

CPENameOperatorVersion
libgd2eq2.0.36~rc1~dfsg-3

Related

openvas 81
nessus 51
debian 1
redhat 6
veracode 2
fedora 11
oraclelinux 5
centos 5
gentoo 2
ubuntucve 2
prion 2
cve 2
securityvulns 3
debiancve 2
freebsd 2
ubuntu 2
amazon 1
archlinux 1
slackware 1
f5 2
kitploit 1
openvas
openvas
Debian Security Advisory DSA 1936-1 (libgd2)
2009-11-23 00:00:00
Debian: Security Advisory (DSA-1936-1)
2009-11-23 00:00:00
RedHat Update for gd RHSA-2010:0003-01
2010-01-15 00:00:00
nessus
nessus
Debian DSA-1936-1 : libgd2 - several vulnerabilities
2010-02-24 00:00:00
Fedora 12 : maniadrive-1.2-19.fc12 / php-5.3.1-1.fc12 (2009-12017)
2009-12-07 00:00:00
RHEL 4 / 5 : gd (RHSA-2010:0003)
2010-01-05 00:00:00
debian
debian
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities
2009-11-17 20:52:01
redhat
redhat
(RHSA-2010:0003) Moderate: gd security update
2010-01-04 00:00:00
(RHSA-2007:0153) Moderate: php security update
2007-04-20 00:00:00
(RHSA-2007:0162) Moderate: php security update
2007-04-16 00:00:00
veracode
veracode
Buffer Overflow
2019-06-03 06:31:32
Arbitrary Code Execution
2020-04-10 00:15:21
fedora
fedora
[SECURITY] Fedora 17 Update: gd-2.0.35-17.fc17
2012-06-30 08:36:08
[SECURITY] Fedora 12 Update: maniadrive-1.2-19.fc12
2009-12-04 23:35:53
[SECURITY] Fedora 16 Update: gd-2.0.35-17.fc16
2012-06-30 08:36:30
oraclelinux
oraclelinux
gd security update
2010-01-04 00:00:00
php security update
2010-01-13 00:00:00
Important: php security update
2007-04-16 00:00:00
centos
centos
gd security update
2010-01-04 23:33:40
php security update
2007-04-21 13:47:06
php security update
2010-01-13 22:42:15
gentoo
gentoo
GD: User-assisted execution of arbitrary code
2010-06-03 00:00:00
PHP: Multiple vulnerabilities
2010-01-05 00:00:00
ubuntucve
ubuntucve
CVE-2007-0455
2007-01-30 00:00:00
CVE-2009-3546
2009-10-19 00:00:00
prion
prion
Buffer overflow
2007-01-30 17:28:00
Buffer overflow
2009-10-19 20:00:00
cve
cve
CVE-2007-0455
2007-01-30 17:28:00
CVE-2009-3546
2009-10-19 20:00:00
securityvulns
securityvulns
libgd graphics library code execution
2007-01-31 00:00:00
[ MDVSA-2009:284 ] gd
2009-10-20 00:00:00
PHP multiple security vulnerabilities
2009-10-20 00:00:00
debiancve
debiancve
CVE-2007-0455
2007-01-30 17:28:00
CVE-2009-3546
2009-10-19 20:00:00
freebsd
freebsd
gd -- '_gdGetColors' remote buffer overflow vulnerability
2009-10-15 00:00:00
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
ubuntu
ubuntu
libgd2 vulnerabilities
2007-06-12 00:00:00
GD library vulnerabilities
2009-11-05 00:00:00
amazon
amazon
Important: libwmf
2015-10-27 13:51:00
archlinux
archlinux
[ASA-201701-1] libwmf: multiple issues
2017-01-01 00:00:00
slackware
slackware
[slackware-security] libwmf
2018-05-01 01:19:49
f5
f5
K7859 : Multiple PHP vulnerabilities
2013-03-19 00:00:00
SOL7859 - Multiple PHP vulnerabilities
2007-09-16 00:00:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

92.5%

JSON
Related for OSV:DSA-1936-1
openvas81nessus51debian1redhat6veracode2fedora11oraclelinux5centos5gentoo2ubuntucve2prion2cve2securityvulns3debiancve2freebsd2ubuntu2amazon1archlinux1slackware1f52kitploit1