| Vulnerability Name: | CVE-2007-3473 (CCN-35109) | ||||||||||||||||
| Assigned: | 2007-06-21 | ||||||||||||||||
| Published: | 2007-06-21 | ||||||||||||||||
| Updated: | 2018-10-16 | ||||||||||||||||
| Summary: | The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. | ||||||||||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-noinfo CWE-476 | ||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||
| References: | Source: CONFIRM Type: UNKNOWN ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz Source: CCN Type: libgd Bug FS#94 gdImageCreateXbm can crash if gdImageCreate fails Source: MISC Type: UNKNOWN http://bugs.libgd.org/?do=details&task_id=94 Source: MITRE Type: CNA CVE-2007-3473 Source: FEDORA Type: UNKNOWN FEDORA-2007-2055 Source: FEDORA Type: UNKNOWN FEDORA-2010-19033 Source: FEDORA Type: UNKNOWN FEDORA-2010-19022 Source: OSVDB Type: UNKNOWN 37744 Source: CCN Type: RHSA-2008-0146 Moderate: gd security update Source: CCN Type: SA25855 GD Graphics Library Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 25855 Source: SECUNIA Type: UNKNOWN 25860 Source: SECUNIA Type: UNKNOWN 26272 Source: SECUNIA Type: UNKNOWN 26390 Source: SECUNIA Type: UNKNOWN 26415 Source: SECUNIA Type: UNKNOWN 26467 Source: SECUNIA Type: UNKNOWN 26663 Source: SECUNIA Type: UNKNOWN 26766 Source: SECUNIA Type: UNKNOWN 26856 Source: SECUNIA Type: UNKNOWN 29157 Source: SECUNIA Type: UNKNOWN 30168 Source: SECUNIA Type: UNKNOWN 42813 Source: GENTOO Type: UNKNOWN GLSA-200708-05 Source: GENTOO Type: UNKNOWN GLSA-200711-34 Source: GENTOO Type: UNKNOWN GLSA-200805-13 Source: CCN Type: ASA-2008-099 gd security update (RHSA-2008-0146) Source: CCN Type: GLSA-200708-05 GD: Multiple vulnerabilities Source: CCN Type: GLSA-200711-34 CSTeX: Multiple vulnerabilities Source: CCN Type: GLSA-200805-13 PTeX: Multiple vulnerabilities Source: CCN Type: GD library Web site ReleaseNote020035 Source: CONFIRM Type: UNKNOWN http://www.libgd.org/ReleaseNote020035 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:153 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:164 Source: CCN Type: OSVDB ID: 37744 GD Graphics Library (libgd) gdImageCreateXbm Function Unspecified DoS Source: FEDORA Type: UNKNOWN FEDORA-2007-692 Source: REDHAT Type: UNKNOWN RHSA-2008:0146 Source: BUGTRAQ Type: UNKNOWN 20070907 FLEA-2007-0052-1 gd Source: BID Type: UNKNOWN 24651 Source: CCN Type: BID-24651 GD Graphics Library Multiple Vulnerabilities Source: TRUSTIX Type: UNKNOWN 2007-0024 Source: VUPEN Type: UNKNOWN ADV-2007-2336 Source: VUPEN Type: UNKNOWN ADV-2011-0022 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=277421 Source: XF Type: UNKNOWN gd-imagecreatexbm-dos(35109) Source: XF Type: UNKNOWN gd-imagecreatexbm-dos(35109) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1643 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11806 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||