9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
86.9%
The gd packages provide a graphics library used for the dynamic creation of
images, such as PNG and JPEG.
A missing input sanitization flaw, leading to a buffer overflow, was
discovered in the gd library. A specially-crafted GD image file could cause
an application using the gd library to crash or, possibly, execute
arbitrary code when opened. (CVE-2009-3546)
Users of gd should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | gd-devel | < 2.0.33-9.4.el5_4.2 | gd-devel-2.0.33-9.4.el5_4.2.i386.rpm |
RedHat | 5 | i386 | gd | < 2.0.33-9.4.el5_4.2 | gd-2.0.33-9.4.el5_4.2.i386.rpm |
RedHat | 4 | x86_64 | gd-devel | < 2.0.28-5.4E.el4_8.1 | gd-devel-2.0.28-5.4E.el4_8.1.x86_64.rpm |
RedHat | 4 | i386 | gd-devel | < 2.0.28-5.4E.el4_8.1 | gd-devel-2.0.28-5.4E.el4_8.1.i386.rpm |
RedHat | 4 | s390x | gd | < 2.0.28-5.4E.el4_8.1 | gd-2.0.28-5.4E.el4_8.1.s390x.rpm |
RedHat | 5 | ppc64 | gd-devel | < 2.0.33-9.4.el5_4.2 | gd-devel-2.0.33-9.4.el5_4.2.ppc64.rpm |
RedHat | 5 | i386 | gd-progs | < 2.0.33-9.4.el5_4.2 | gd-progs-2.0.33-9.4.el5_4.2.i386.rpm |
RedHat | 5 | s390x | gd-devel | < 2.0.33-9.4.el5_4.2 | gd-devel-2.0.33-9.4.el5_4.2.s390x.rpm |
RedHat | 5 | s390x | gd | < 2.0.33-9.4.el5_4.2 | gd-2.0.33-9.4.el5_4.2.s390x.rpm |
RedHat | 5 | ppc | gd-devel | < 2.0.33-9.4.el5_4.2 | gd-devel-2.0.33-9.4.el5_4.2.ppc.rpm |