Executive Summary

Informations
Name CVE-2006-4484 First vendor Publication 2006-08-31
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9004
 
Oval ID: oval:org.mitre.oval:def:9004
Title: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Description: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4484
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP 5.1.x < 5.1.5
File : nvt/nopsec_php_5_1_5.nasl
2009-10-13 Name : SLES10: Security update for perl-Tk
File : nvt/sles10_perl-Tk.nasl
2009-10-10 Name : SLES9: Security update for perl-Tk
File : nvt/sles9p5021923.nasl
2009-04-09 Name : Mandriva Update for gd MDVSA-2008:038 (gd)
File : nvt/gb_mandriva_MDVSA_2008_038.nasl
2009-04-09 Name : Mandriva Update for perl-Tk MDVSA-2008:077 (perl-Tk)
File : nvt/gb_mandriva_MDVSA_2008_077.nasl
2009-03-06 Name : RedHat Update for gd RHSA-2008:0146-01
File : nvt/gb_RHSA-2008_0146-01_gd.nasl
2009-02-27 Name : CentOS Update for gd CESA-2008:0146 centos4 i386
File : nvt/gb_CESA-2008_0146_gd_centos4_i386.nasl
2009-02-27 Name : CentOS Update for gd CESA-2008:0146 centos4 x86_64
File : nvt/gb_CESA-2008_0146_gd_centos4_x86_64.nasl
2009-02-16 Name : Fedora Update for graphviz FEDORA-2008-1643
File : nvt/gb_fedora_2008_1643_graphviz_fc7.nasl
2009-02-13 Name : Fedora Update for tk FEDORA-2008-1122
File : nvt/gb_fedora_2008_1122_tk_fc8.nasl
2009-02-13 Name : Fedora Update for tk FEDORA-2008-1131
File : nvt/gb_fedora_2008_1131_tk_fc7.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-01 (sdl-image)
File : nvt/glsa_200802_01.nasl
2008-09-04 Name : FreeBSD Ports: php4, php5
File : nvt/freebsd_php40.nasl
2008-09-04 Name : FreeBSD Ports: sdl_image
File : nvt/freebsd_sdl_image.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
28002 PHP GD Extension GIF Processing Overflow

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0730.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0146.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080228_gd_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_1_5.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12093.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-038.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-077.nasl - Type : ACT_GATHER_INFO
2008-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_tkimg-5328.nasl - Type : ACT_GATHER_INFO
2008-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_tkimg-5320.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote openSUSE host is missing a security update.
File : suse_perl-Tk-5035.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-Tk-5034.nasl - Type : ACT_GATHER_INFO
2008-02-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO
2008-02-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1643.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-01.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote openSUSE host is missing a security update.
File : suse_SDL_image-4956.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-342-1.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_052.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-1024.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-162.nasl - Type : ACT_GATHER_INFO
2006-09-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0669.nasl - Type : ACT_GATHER_INFO
2006-09-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0669.nasl - Type : ACT_GATHER_INFO
2006-09-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ea09c5df436211db81e1000e0c2e438a.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/19582
BUGTRAQ http://www.securityfocus.com/archive/1/447866/100/0/threaded
http://www.securityfocus.com/archive/1/487683/100/0/threaded
http://www.securityfocus.com/archive/1/488008/100/0/threaded
CONFIRM http://bugs.php.net/bug.php?id=38112
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2...
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0046
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046
http://www.php.net/ChangeLog-5.php#5.1.5
http://www.php.net/release_5_1_5.php
https://bugzilla.redhat.com/show_bug.cgi?id=431568
https://issues.rpath.com/browse/RPL-2218
https://issues.rpath.com/browse/RPL-683
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0050...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:162
http://www.mandriva.com/security/advisories?name=MDVSA-2008:038
http://www.mandriva.com/security/advisories?name=MDVSA-2008:077
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
SECTRACK http://securitytracker.com/id?1016984
SECUNIA http://secunia.com/advisories/21546
http://secunia.com/advisories/21768
http://secunia.com/advisories/21842
http://secunia.com/advisories/22039
http://secunia.com/advisories/22069
http://secunia.com/advisories/22225
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://secunia.com/advisories/22538
http://secunia.com/advisories/28768
http://secunia.com/advisories/28838
http://secunia.com/advisories/28845
http://secunia.com/advisories/28866
http://secunia.com/advisories/28959
http://secunia.com/advisories/29157
http://secunia.com/advisories/29242
http://secunia.com/advisories/29546
http://secunia.com/advisories/30717
SGI ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://www.novell.com/linux/security/advisories/2008_13_sr.html
TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
UBUNTU http://www.ubuntu.com/usn/usn-342-1
VUPEN http://www.vupen.com/english/advisories/2006/3318

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2020-05-23 00:18:19
  • Multiple Updates
2019-06-08 12:01:48
  • Multiple Updates
2018-10-31 00:19:46
  • Multiple Updates
2018-10-18 00:19:40
  • Multiple Updates
2017-10-11 09:23:44
  • Multiple Updates
2016-06-28 15:56:26
  • Multiple Updates
2016-04-26 15:01:29
  • Multiple Updates
2014-02-17 10:37:09
  • Multiple Updates
2013-05-11 11:08:07
  • Multiple Updates