Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
History
21 Jul 2022, 15:17
Type | Values Removed | Values Added |
---|---|---|
First Time | Redhat enterprise Linux Workstation Fedoraproject Gd Graphics Library Project gd Graphics Library Fedoraproject fedora Redhat Php Redhat enterprise Linux Server Canonical ubuntu Linux Canonical Php php Gd Graphics Library Project Redhat enterprise Linux Desktop | |
CWE | CWE-120 | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/0400 - Permissions Required | |
References | (SECUNIA) http://secunia.com/advisories/24965 - Not Applicable | |
References | (VUPEN) http://www.vupen.com/english/advisories/2011/0022 - Permissions Required | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0153.html - Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://issues.rpath.com/browse/RPL-1268 - Broken Link | |
References | (FEDORA) http://fedoranews.org/cms/node/2631 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/24151 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/24107 - Not Applicable | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0162.html - Third Party Advisory | |
References | (CONFIRM) https://issues.rpath.com/browse/RPL-1030 - Broken Link | |
References | (UBUNTU) http://www.ubuntu.com/usn/usn-473-1 - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0146.html - Third Party Advisory | |
References | (MLIST) http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html - Broken Link | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/24052 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/42813 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/24924 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/24143 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/24022 - Not Applicable | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 - Broken Link | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/29157 - Not Applicable | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2007-0155.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/24053 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/24945 - Not Applicable | |
References | (BID) http://www.securityfocus.com/bid/22289 - Third Party Advisory, VDB Entry | |
References | (TRUSTIX) http://www.trustix.org/errata/2007/0007 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/25575 - Not Applicable | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/466166/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 - Broken Link | |
References | (CONFIRM) http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 - Issue Tracking, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/23916 - Not Applicable, Vendor Advisory | |
CPE | cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:* | cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* cpe:2.3:a:gd_graphics_library_project:gd_graphics_library:*:*:*:*:*:*:*:* |
Information
Published : 2007-01-30 17:28
Updated : 2023-12-10 10:40
NVD link : CVE-2007-0455
Mitre link : CVE-2007-0455
CVE.ORG link : CVE-2007-0455
Products Affected
fedoraproject
- fedora
php
- php
gd_graphics_library_project
- gd_graphics_library
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
canonical
- ubuntu_linux
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')