Description
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
Statement
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=234312 The Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | libwmf | Will not fix | | |
| Red Hat Enterprise Linux 5 | libwmf | Will not fix | | |
| Red Hat Enterprise Linux 6 | libwmf | Will not fix | | |
| Red Hat Enterprise Linux 3 | php | Fixed | RHSA-2007:0155 | 16.04.2007 |
| Red Hat Enterprise Linux 4 | php | Fixed | RHSA-2007:0155 | 16.04.2007 |
| Red Hat Enterprise Linux 4 | gd | Fixed | RHSA-2008:0146 | 28.02.2008 |
| Red Hat Enterprise Linux 5 | php | Fixed | RHSA-2007:0153 | 20.04.2007 |
| Red Hat Enterprise Linux 5 | gd | Fixed | RHSA-2008:0146 | 28.02.2008 |
| Red Hat Web Application Stack for RHEL 4 | php | Fixed | RHSA-2007:0162 | 16.04.2007 |