CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.056 Low (Percentile 93.2%)

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote
attackers to cause a denial of service (application crash) and possibly
execute arbitrary code via a large (1) srcW or (2) srcH value to the (a)
gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width)
value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Author | Note |
---|---|
jdstrand | note this is gdImageCreate and gdImageCreateTrueColor. dapper-gutsy libgd2 are affected to varying degrees. php5-gd segfaults on feisty and gutsy before patching libgd2, and dapper-gutsy segfault after (this is because feisty-gutsy had a partial fix already in libgd2). php5-gd is not handling the error condition when libgd2 fails properly. Verified that 5.2.4 works with patched libgd2. |
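
The two defensive points above, dimension checks before allocation and a caller that handles the failure return, shown as an added example; this is not libgd or PHP code. `struct img`, `mul_overflows`, `img_create_truecolor`, `img_destroy` and `render_blank` are hypothetical names used only here.

```c
#include <limits.h>
#include <stdlib.h>

/* Hypothetical image type for this example; not libgd's gdImage. */
struct img { int sx, sy; int **rows; };   /* sy rows of sx pixels each */

/* 1 if a * b does not fit in an int, or if an operand is not positive. */
static int mul_overflows(int a, int b)
{
    return a <= 0 || b <= 0 || a > INT_MAX / b;
}

void img_destroy(struct img *im)
{
    for (int y = 0; y < im->sy; y++)
        free(im->rows[y]);
    free(im->rows);
    free(im);
}

/* Returns NULL on rejected dimensions or allocation failure. */
struct img *img_create_truecolor(int sx, int sy)
{
    /* Check every product the allocator will form before forming it. */
    if (mul_overflows(sx, sy) || mul_overflows((int)sizeof(int *), sy) ||
        mul_overflows((int)sizeof(int), sx))
        return NULL;
    struct img *im = calloc(1, sizeof(*im));
    if (!im) return NULL;
    im->rows = calloc((size_t)sy, sizeof(int *));
    if (!im->rows) { free(im); return NULL; }
    im->sx = sx;
    for (im->sy = 0; im->sy < sy; im->sy++) {   /* im->sy = rows allocated */
        im->rows[im->sy] = calloc((size_t)sx, sizeof(int));
        if (!im->rows[im->sy]) { img_destroy(im); return NULL; }
    }
    return im;
}

/* Caller side: treat NULL as an error instead of dereferencing it. */
int render_blank(int w, int h)
{
    struct img *im = img_create_truecolor(w, h);
    if (!im) return -1;
    im->rows[h - 1][w - 1] = 0x00ffffff;   /* last pixel is in bounds */
    img_destroy(im);
    return 0;
}
```
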
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | libgd2 | < 2.0.33-2ubuntu5.3 | UNKNOWN |
ubuntu | 6.10 | noarch | libgd2 | < 2.0.33-4ubuntu2.2 | UNKNOWN |
ubuntu | 7.04 | noarch | libgd2 | < 2.0.34~rc1-2ubuntu1.2 | UNKNOWN |
ubuntu | 7.10 | noarch | libgd2 | < 2.0.34-1ubuntu1.1 | UNKNOWN |
ubuntu | 6.06 | noarch | php5 | < 5.1.2-1ubuntu3.13 | UNKNOWN |
ubuntu | 7.10 | noarch | php5 | < 5.2.3-1ubuntu6.5 | UNKNOWN |
www.secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
launchpad.net/bugs/cve/CVE-2007-3996
nvd.nist.gov/vuln/detail/CVE-2007-3996
security-tracker.debian.org/tracker/CVE-2007-3996
ubuntu.com/security/notices/USN-557-1
ubuntu.com/security/notices/USN-720-1
www.cve.org/CVERecord?id=CVE-2007-3996