| Vulnerability Name: | CVE-2007-3472 (CCN-35108) | ||||||||||||||||||||
| Assigned: | 2007-06-21 | ||||||||||||||||||||
| Published: | 2007-06-21 | ||||||||||||||||||||
| Updated: | 2018-10-16 | ||||||||||||||||||||
| Summary: | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | ||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-189 CWE-190 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: CONFIRM Type: UNKNOWN ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz Source: CCN Type: libgd Bug FS#89 Possible integer overflow in gdImageCreateTrueColor Source: MISC Type: UNKNOWN http://bugs.libgd.org/?do=details&task_id=89 Source: MITRE Type: CNA CVE-2007-3472 Source: FEDORA Type: UNKNOWN FEDORA-2007-2055 Source: FEDORA Type: UNKNOWN FEDORA-2010-19033 Source: FEDORA Type: UNKNOWN FEDORA-2010-19022 Source: OSVDB Type: UNKNOWN 37745 Source: CCN Type: RHSA-2008-0146 Moderate: gd security update Source: CCN Type: SA25855 GD Graphics Library Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 25855 Source: SECUNIA Type: Vendor Advisory 25860 Source: SECUNIA Type: Vendor Advisory 26272 Source: SECUNIA Type: Vendor Advisory 26390 Source: SECUNIA Type: Vendor Advisory 26415 Source: SECUNIA Type: Vendor Advisory 26467 Source: SECUNIA Type: Vendor Advisory 26663 Source: SECUNIA Type: Vendor Advisory 26766 Source: SECUNIA Type: Vendor Advisory 26856 Source: SECUNIA Type: Vendor Advisory 29157 Source: SECUNIA Type: Vendor Advisory 30168 Source: SECUNIA Type: Vendor Advisory 42813 Source: GENTOO Type: UNKNOWN GLSA-200708-05 Source: GENTOO Type: UNKNOWN GLSA-200711-34 Source: GENTOO Type: UNKNOWN GLSA-200805-13 Source: CCN Type: ASA-2008-099 gd security update (RHSA-2008-0146) Source: CCN Type: GLSA-200708-05 GD: Multiple vulnerabilities Source: CCN Type: GLSA-200711-34 CSTeX: Multiple vulnerabilities Source: CCN Type: GLSA-200805-13 PTeX: Multiple vulnerabilities Source: CCN Type: GD Graphics Library Web site ReleaseNote020035 Source: CONFIRM Type: UNKNOWN http://www.libgd.org/ReleaseNote020035 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:153 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:164 Source: SUSE Type: UNKNOWN SUSE-SR:2007:015 Source: CCN Type: OSVDB ID: 37745 GD Graphics Library (libgd) gdImageCreateTrueColor Function Overflow Source: FEDORA Type: UNKNOWN FEDORA-2007-692 Source: REDHAT Type: Vendor Advisory RHSA-2008:0146 Source: BUGTRAQ Type: UNKNOWN 20070907 FLEA-2007-0052-1 gd Source: BID Type: UNKNOWN 24651 Source: CCN Type: BID-24651 GD Graphics Library Multiple Vulnerabilities Source: MISC Type: UNKNOWN http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/ Source: TRUSTIX Type: UNKNOWN 2007-0024 Source: VUPEN Type: Vendor Advisory ADV-2007-2336 Source: VUPEN Type: Vendor Advisory ADV-2011-0022 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=277421 Source: XF Type: UNKNOWN gd-imagecreatetruecolor-overflow(35108) Source: XF Type: UNKNOWN gd-imagecreatetruecolor-code-execution(35108) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1643 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11067 Source: SUSE Type: SUSE-SR:2007:015 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||