Vulnerability Name: CVE-2007-0455 (CCN-31907)

Assigned: 2007-01-26
Published: 2007-01-26
Updated: 2022-07-21
Summary: Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-120
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: Red Hat Bugzilla Bug 224607
CVE-2007-0455 gd buffer overrun

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607

Source: MITRE
Type: CNA
CVE-2007-0455

Source: FEDORA
Type: Broken Link
FEDORA-2007-150

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2010-19033

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2010-19022

Source: MLIST
Type: Broken Link
[security-announce] 20070208 rPSA-2007-0028-1 gd

Source: CCN
Type: RHSA-2007-0153
Moderate: php security update

Source: CCN
Type: RHSA-2007-0155
Important: php security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0155

Source: CCN
Type: RHSA-2007-0162
Moderate: php security update

Source: CCN
Type: RHSA-2008-0146
Moderate: gd security update

Source: CCN
Type: SA23916
GD Graphics Library "gdImageStringFTEx()" Denial of Service

Source: SECUNIA
Type: Not Applicable, Vendor Advisory
23916

Source: SECUNIA
Type: Not Applicable
24022

Source: SECUNIA
Type: Not Applicable
24052

Source: SECUNIA
Type: Not Applicable
24053

Source: SECUNIA
Type: Not Applicable
24107

Source: SECUNIA
Type: Not Applicable
24143

Source: SECUNIA
Type: Not Applicable
24151

Source: SECUNIA
Type: Not Applicable
24924

Source: SECUNIA
Type: Not Applicable
24945

Source: SECUNIA
Type: Not Applicable
24965

Source: SECUNIA
Type: Not Applicable
25575

Source: SECUNIA
Type: Not Applicable
29157

Source: SECUNIA
Type: Not Applicable
42813

Source: CCN
Type: ASA-2007-181
php security update (RHSA-2007-0162)

Source: CCN
Type: ASA-2007-196
php security update (RHSA-2007-0155)

Source: CCN
Type: ASA-2008-099
gd security update (RHSA-2008-0146)

Source: CCN
Type: Boutell.com
GD Graphics Library

Source: DEBIAN
Type: DSA-1936
libgd2 -- several vulnerabilities

Source: MANDRIVA
Type: Broken Link
MDKSA-2007:035

Source: MANDRIVA
Type: Broken Link
MDKSA-2007:036

Source: MANDRIVA
Type: Broken Link
MDKSA-2007:038

Source: MANDRIVA
Type: Broken Link
MDKSA-2007:109

Source: CCN
Type: OpenPKG-SA-2007.016
libgd

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0153

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0162

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0146

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070418 rPSA-2007-0073-1 php php-mysql php-pgsql

Source: BID
Type: Third Party Advisory, VDB Entry
22289

Source: CCN
Type: BID-22289
GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability

Source: TRUSTIX
Type: Broken Link
2007-0007

Source: CCN
Type: TLSA-2007-11
Buffer overflow

Source: CCN
Type: TLSA-2007-16
libwmf buffer over flow

Source: CCN
Type: USN-473-1
libgd2 vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-473-1

Source: VUPEN
Type: Permissions Required
ADV-2007-0400

Source: VUPEN
Type: Permissions Required
ADV-2011-0022

Source: XF
Type: UNKNOWN
gdgraphicslibrary-gdft-bo(31907)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1030

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1268

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11303

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:gd_graphics_library_project:gd_graphics_library:*:*:*:*:*:*:*:* (Version <= 2.0.33)

Configuration 2:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 4.4.0 and < 4.4.7)

Configuration 3:
  • cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:fedoraproject:fedora:13:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:14:*:*:*:*:*:*:*

Configuration 5:
  • cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.mitre.oval:def:8225 | P | DSA-1936 libgd2 -- several vulnerabilities | 2014-06-23 |
| oval:org.mitre.oval:def:13099 | P | DSA-1936-1 libgd2 -- several | 2014-06-23 |
| oval:org.mitre.oval:def:21723 | P | ELSA-2007:0153: php security update (Moderate) | 2014-05-26 |
| oval:org.mitre.oval:def:21803 | P | ELSA-2008:0146: gd security update (Moderate) | 2014-05-26 |
| oval:org.mitre.oval:def:11303 | V | Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. | 2013-04-29 |
| oval:org.debian:def:1936 | V | several vulnerabilities | 2009-11-17 |
| oval:com.redhat.rhsa:def:20080146 | P | RHSA-2008:0146: gd security update (Moderate) | 2008-02-28 |
| oval:com.redhat.rhsa:def:20070153 | P | RHSA-2007:0153: php security update (Moderate) | 2007-04-20 |
| oval:com.redhat.rhsa:def:20070155 | P | RHSA-2007:0155: php security update (Important) | 2007-04-16 |

    gd_graphics_library_project gd graphics library *
    php php *
    canonical ubuntu linux 7.04
    canonical ubuntu linux 6.10
    canonical ubuntu linux 6.06
    fedoraproject fedora 13
    fedoraproject fedora 14
    redhat enterprise linux desktop 3.0
    redhat enterprise linux desktop 4.0
    redhat enterprise linux server 4.0
    redhat enterprise linux workstation 4.0
    redhat enterprise linux workstation 3.0
    redhat enterprise linux server 3.0