Executive Summary
Summary | |
---|---|
Title | GD: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200708-05 | First vendor Publication | 2007-08-09 |
Vendor | Gentoo | Last vendor Modification | 2007-08-09 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been discovered in GD, allowing for the execution of arbitrary code. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200708-05.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200708-05.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10348 | |||
Oval ID: | oval:org.mitre.oval:def:10348 | ||
Title: | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | ||
Description: | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3476 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11067 | |||
Oval ID: | oval:org.mitre.oval:def:11067 | ||
Title: | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | ||
Description: | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3472 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11806 | |||
Oval ID: | oval:org.mitre.oval:def:11806 | ||
Title: | The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. | ||
Description: | The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3473 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13910 | |||
Oval ID: | oval:org.mitre.oval:def:13910 | ||
Title: | USN-854-1 -- libgd2 vulnerabilities | ||
Description: | Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. It was discovered that the GD library did not properly handle incorrect color indexes. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS. It was discovered that the GD library did not properly handle certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 6.06 LTS. It was discovered that the GD library did not properly handle large angle degree values. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service. This issue only affected Ubuntu 6.06 LTS | ||
Family: | unix | Class: | patch |
Reference(s): | USN-854-1 CVE-2009-3546 CVE-2009-3293 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | libgd2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21803 | |||
Oval ID: | oval:org.mitre.oval:def:21803 | ||
Title: | ELSA-2008:0146: gd security update (Moderate) | ||
Description: | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0146-01 CVE-2006-4484 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475 CVE-2007-3476 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | gd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9728 | |||
Oval ID: | oval:org.mitre.oval:def:9728 | ||
Title: | The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. | ||
Description: | The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3475 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.3 File : nvt/nopsec_php_5_2_3.nasl |
2009-11-23 | Name : Ubuntu USN-854-1 (libgd2) File : nvt/ubuntu_854_1.nasl |
2009-10-13 | Name : SLES10: Security update for gd File : nvt/sles10_gd.nasl |
2009-10-10 | Name : SLES9: Security update for gd File : nvt/sles9p5018750.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015608.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5012110.nasl |
2009-10-10 | Name : SLES9: Security update for gd File : nvt/sles9p5009393.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
2009-04-09 | Name : Mandriva Update for tetex MDKSA-2007:164 (tetex) File : nvt/gb_mandriva_MDKSA_2007_164.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:187 (php) File : nvt/gb_mandriva_MDKSA_2007_187.nasl |
2009-04-09 | Name : Mandriva Update for gd MDKSA-2007:153 (gd) File : nvt/gb_mandriva_MDKSA_2007_153.nasl |
2009-04-09 | Name : Mandriva Update for tetex MDKSA-2007:124 (tetex) File : nvt/gb_mandriva_MDKSA_2007_124.nasl |
2009-04-09 | Name : Mandriva Update for gd MDKSA-2007:122 (gd) File : nvt/gb_mandriva_MDKSA_2007_122.nasl |
2009-04-09 | Name : Mandriva Update for libwmf MDKSA-2007:123 (libwmf) File : nvt/gb_mandriva_MDKSA_2007_123.nasl |
2009-03-23 | Name : Ubuntu Update for libgd2 vulnerabilities USN-473-1 File : nvt/gb_ubuntu_USN_473_1.nasl |
2009-03-06 | Name : RedHat Update for gd RHSA-2008:0146-01 File : nvt/gb_RHSA-2008_0146-01_gd.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-709 File : nvt/gb_fedora_2007_709_php_fc6.nasl |
2009-02-27 | Name : CentOS Update for gd CESA-2008:0146 centos4 i386 File : nvt/gb_CESA-2008_0146_gd_centos4_i386.nasl |
2009-02-27 | Name : Fedora Update for gd FEDORA-2007-692 File : nvt/gb_fedora_2007_692_gd_fc6.nasl |
2009-02-27 | Name : CentOS Update for gd CESA-2008:0146 centos4 x86_64 File : nvt/gb_CESA-2008_0146_gd_centos4_x86_64.nasl |
2009-02-27 | Name : Fedora Update for gd FEDORA-2007-2055 File : nvt/gb_fedora_2007_2055_gd_fc7.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-2215 File : nvt/gb_fedora_2007_2215_php_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-34 (cstetex) File : nvt/glsa_200711_34.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-13 (ptex) File : nvt/glsa_200805_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-17 (tetex) File : nvt/glsa_200709_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-05 (gd) File : nvt/glsa_200708_05.nasl |
2008-09-04 | Name : FreeBSD Ports: gd File : nvt/freebsd_gd0.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1613-1 (libgd2) File : nvt/deb_1613_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-152-01 php5 File : nvt/esoft_slk_ssa_2007_152_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42062 | GD Graphics Library (libgd) Multiple Function Large Angle Degree Value DoS |
37745 | GD Graphics Library (libgd) gdImageCreateTrueColor Function Overflow |
37744 | GD Graphics Library (libgd) gdImageCreateXbm Function Unspecified DoS |
37743 | GD Graphics Library (libgd) GIF Reader Multiple Unspecified Issues |
37742 | GD Graphics Library (libgd) Malformed GIF Handling DoS |
37741 | GD Graphics Library (libgd) gd_gif_in.c Image Handling DoS |
37740 | GD Graphics Library (libgd) gdft.c gdImageStringFTEx (gdft_draw_bitmap) Race ... |
36643 | GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Data Handl... |
35788 | GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Handling DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-05-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-120-01.nasl - Type : ACT_GATHER_INFO |
2015-10-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-604.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080228_gd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19022.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19033.nasl - Type : ACT_GATHER_INFO |
2009-11-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-854-1.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11666.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11578.nasl - Type : ACT_GATHER_INFO |
2008-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1613.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-13.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
2008-02-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gd-3895.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gd-3748.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3980.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-34.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-473-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2055.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3747.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3978.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3979.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3700.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3896.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-17.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-692.nasl - Type : ACT_GATHER_INFO |
2007-08-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-164.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-153.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-05.nasl - Type : ACT_GATHER_INFO |
2007-07-01 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6e09999725d811dc878b000c29c5647f.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-124.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-123.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-122.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO |
2007-06-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_3.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:35:02 |
|