CVE-2007-3478

Race condition in gdImageStringFTEx gdftdrawbitmap in gdft.c in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via unspecified vectors, possibly involving truetype font TTF support...

CVE-2007-3472

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact...

CVE-2007-3472

CVE-2007-3472 is an integer overflow in libgd's gdImageCreateTrueColor() prior to 2.0.35. It allows user‑assisted remote attackers to have unspecified attack vectors and impact. Affected: GD Graphics Library (libgd) before 2.0.35. Mitigation: upgrade to 2.0.35 or newer (per multiple advisories). ...

CVE-2007-3472

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact...

CVE-2007-3473

The gdImageCreateXbm function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via unspecified vectors involving a gdImageCreate failure...

CVE-2007-3477

The a imagearc and b imagefilledarc functions in GD Graphics Library libgd before 2.0.35 allow attackers to cause a denial of service CPU consumption via a large 1 start or 2 end angle degree value...

CVE-2007-3476

Array index error in gdgifin.c in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash and heap corruption via large color index values in crafted image data, which results in a segmentation fault...

CVE-2007-3475

CVE-2007-3475 affects the GD Graphics Library (libgd) before 2.0.35. A crafted GIF image with no global color map can cause a remote denial of service (crash). References from OpenVAS/Ubuntu advisories confirm the issue; remediation is to upgrade to libgd 2.0.35 or later where available.

CVE-2007-3473

The CVE-2007-3473 issue affects the GD Graphics Library (libgd) prior to 2.0.35, where the gdImageCreateXbm function can be triggered by a gdImageCreate failure to cause a denial of service (crash). Exploitation details in the connected documents indicate a remote, user-assisted vector, with no e...

GD Graphics Library 2.0.34 - libgd gdImageCreateXbm Function Unspecified Denial of Service

GD Graphics Library 2.0.34 - libgd gdImageCreateXbm Function Unspecified Denial of Service // source: https://www.securityfocus.com/bid/24651/info The GD graphics library is prone to multiple vulnerabilities. An attacker can exploit this issue to cause denial-of-service conditions or execute...

GD Graphics Library 2.0.34 - 'libgd' gdImageCreateXbm Function Unspecified Denial of Service

// source: https://www.securityfocus.com/bid/24651/info The GD graphics library is prone to multiple vulnerabilities. An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library. Version prior ...

Mandrake Linux Security Advisory : tetex (MDKSA-2007:109)

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the...

security flaw

Multiple integer overflows in the 1 createwbmp and 2 readwbmp functions in wbmp.c in the GD library libgd in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap WBMP images with large width or height values...

gd: buffer overrun

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted string with a JIS encoded font...

gd: buffer overrun

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted string with a JIS encoded font...

Mandrake Linux Security Advisory : php (MDKSA-2007:038)

PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ';' in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...

Mandrake Linux Security Advisory : imlib2 (MDKSA-2006:198-1)

M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an...

[SECURITY] Fedora Core 5 Update: gd-2.0.33-7.fc5

The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...

[SECURITY] Fedora Core 6 Update: gd-2.0.33-10.fc6

The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...

GD图形库JIS编码字体缓冲区溢出漏洞

GD Graphics Library是一款流行的图形库，用于动态图象建立。 GD图形库处理JIS编码字体存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 当处理特殊畸形的字符串时如果使用了JIS编码字体，由于NULL终止符的增加，会导致不可预料的结果，可能导致以应用程序进程权限任意指令执行。 RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 5 RedHat Enterprise Linux ES 4 RedHat Enterprise Linu...