CVE-2007-3472

Опубликовано: 28 июн. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

Ссылки

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
http://bugs.libgd.org/?do=details&task_id=89
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://osvdb.org/37745
http://secunia.com/advisories/25855
Vendor Advisory
http://secunia.com/advisories/25860
Vendor Advisory
http://secunia.com/advisories/26272
Vendor Advisory
http://secunia.com/advisories/26390
Vendor Advisory
http://secunia.com/advisories/26415
Vendor Advisory
http://secunia.com/advisories/26467
Vendor Advisory
http://secunia.com/advisories/26663
Vendor Advisory
http://secunia.com/advisories/26766
Vendor Advisory
http://secunia.com/advisories/26856
Vendor Advisory
http://secunia.com/advisories/29157
Vendor Advisory
http://secunia.com/advisories/30168
Vendor Advisory
http://secunia.com/advisories/42813
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libgd:gd_graphics_library:*:rc5:*:*:*:*:*:*

Версия до 2.0.35 (включая)

cpe:2.3:a:libgd:gd_graphics_library:2.0.33:*:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.34:*:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3:*:*:*:*:*:*

cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08046

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

CVE-2007-3472

ubuntu

почти 18 лет назад

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

CVE-2007-3472

redhat

около 18 лет назад

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

CVE-2007-3472

debian

почти 18 лет назад

Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...

GHSA-4q72-m435-qg7x

github

около 3 лет назад

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

ELSA-2008-0146

oracle-oval

больше 17 лет назад

ELSA-2008-0146: Moderate: gd security update (MODERATE)

EPSS

Процентиль: 92%

0.08046

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-189