Vulnerability Name:

CVE-2007-3996 (CCN-36382)

Assigned:2007-08-30
Published:2007-08-30
Updated:2017-09-29
Summary:Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-189
CWE-190
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=201546

Source: MITRE
Type: CNA
CVE-2007-3996

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:004

Source: CCN
Type: RHSA-2007-0888
Moderate: php security update

Source: CCN
Type: RHSA-2007-0889
Moderate: php security update

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0889

Source: CCN
Type: RHSA-2007-0890
Moderate: php security update

Source: CCN
Type: RHSA-2007-0891
Moderate: php security update

Source: CCN
Type: RHSA-2007-0917
Moderate: php security update

Source: CCN
Type: SA26642
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
26642

Source: SECUNIA
Type: UNKNOWN
26822

Source: SECUNIA
Type: UNKNOWN
26838

Source: SECUNIA
Type: UNKNOWN
26871

Source: SECUNIA
Type: UNKNOWN
26895

Source: SECUNIA
Type: UNKNOWN
26930

Source: SECUNIA
Type: UNKNOWN
26967

Source: SECUNIA
Type: UNKNOWN
27102

Source: SECUNIA
Type: UNKNOWN
27351

Source: SECUNIA
Type: UNKNOWN
27377

Source: CCN
Type: SA27545
Avaya Products PHP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27545

Source: SECUNIA
Type: UNKNOWN
28009

Source: SECUNIA
Type: UNKNOWN
28147

Source: SECUNIA
Type: UNKNOWN
28658

Source: SECUNIA
Type: UNKNOWN
31168

Source: GENTOO
Type: UNKNOWN
GLSA-200712-13

Source: SREASON
Type: UNKNOWN
3103

Source: MISC
Type: Patch
http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/

Source: MISC
Type: UNKNOWN
http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm

Source: CCN
Type: ASA-2007-449
PHP security updates (RHSA-2007-0888 RHSA-2007-0889 & RHSA-2007-0890)

Source: CCN
Type: ASA-2007-478
PHP security update (RHSA-2007-0891)

Source: DEBIAN
Type: UNKNOWN
DSA-1613

Source: DEBIAN
Type: DSA-1613
libgd2 -- multiple vulnerabilities

Source: CCN
Type: GLSA-200710-02
PHP: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200710-02

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:187

Source: CONFIRM
Type: Patch
http://www.php.net/ChangeLog-5.php#5.2.4

Source: CCN
Type: PHP Web site
PHP 5.2.4 Release Announcement

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/releases/5_2_4.php

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0888

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0890

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0891

Source: CCN
Type: SECWEB Web site
PHP ImageCreate/ImageCreateTrueColor Integer Overflow

Source: TRUSTIX
Type: UNKNOWN
2007-0026

Source: CCN
Type: USN-557-1
GD library vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-557-1

Source: CCN
Type: USN-720-1
PHP vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-3023

Source: XF
Type: UNKNOWN
php-gdimagecreate-bo(36382)

Source: XF
Type: UNKNOWN
php-gdimagecreate-bo(36382)

Source: XF
Type: UNKNOWN
php-gdimagecopyresized-bo(36383)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1693

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1702

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11147

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-709

Source: SUSE
Type: SUSE-SA:2008:004
php5 php4 Security Problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.2.3)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-3996 (CCN-36383)

    Assigned:2007-08-30
    Published:2007-08-30
    Updated:2007-08-30
    Summary:Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Type:CWE-189
    CWE-190
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2007-3996

    Source: CCN
    Type: RHSA-2007-0888
    Moderate: php security update

    Source: CCN
    Type: RHSA-2007-0889
    Moderate: php security update

    Source: CCN
    Type: RHSA-2007-0890
    Moderate: php security update

    Source: CCN
    Type: RHSA-2007-0891
    Moderate: php security update

    Source: CCN
    Type: RHSA-2007-0917
    Moderate: php security update

    Source: CCN
    Type: SA26642
    PHP Multiple Vulnerabilities

    Source: CCN
    Type: SA27545
    Avaya Products PHP Multiple Vulnerabilities

    Source: CCN
    Type: ASA-2007-449
    PHP security updates (RHSA-2007-0888 RHSA-2007-0889 & RHSA-2007-0890)

    Source: CCN
    Type: ASA-2007-478
    PHP security update (RHSA-2007-0891)

    Source: DEBIAN
    Type: DSA-1613
    libgd2 -- multiple vulnerabilities

    Source: CCN
    Type: GLSA-200710-02
    PHP: Multiple vulnerabilities

    Source: CCN
    Type: IBM Security Bulletin 1667176
    IBM InfoSphere Balanced Warehouse C3000 and C4000, IBM Smart Analytics System 1050 and 2050 are affected by multiple vulnerabilities in PHP

    Source: CCN
    Type: PHP Web site
    PHP 5.2.4 Release Announcement

    Source: CCN
    Type: SECWEB Web site
    PHP ImageCopyResized/ImageCopyResampled Integer Overflow

    Source: CCN
    Type: USN-557-1
    GD library vulnerability

    Source: CCN
    Type: USN-720-1
    PHP vulnerabilities

    Source: XF
    Type: UNKNOWN
    php-gdimagecopyresized-bo(36383)

    Source: SUSE
    Type: SUSE-SA:2008:004
    php5 php4 Security Problems

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20073996
    V
    		CVE-2007-3996
    2022-09-02
    oval:org.mitre.oval:def:13729
    P
    		USN-720-1 -- php5 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17679
    P
    		USN-557-1 -- libgd2 vulnerability
    2014-06-30
    oval:org.mitre.oval:def:18418
    P
    		DSA-1613-1 libgd2 - multiple vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:7842
    P
    		DSA-1613 libgd2 -- multiple vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:22339
    P
    		ELSA-2007:0890: php security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:11147
    V
    		Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
    2013-04-29
    oval:org.debian:def:1613
    V
    		multiple vulnerabilities
    2008-07-22
    oval:com.redhat.rhsa:def:20070889
    P
    		RHSA-2007:0889: php security update (Moderate)
    2007-09-26
    oval:com.redhat.rhsa:def:20070890
    P
    		RHSA-2007:0890: php security update (Moderate)
    2007-09-20
    BACK
    php php *
    php php 5.0.3 -
    php php 5.0.4 -
    php php 5.0.0 -
    php php 5.0.5 -
    php php 5.1.1
    php php 5.1.2 -
    php php 5.1.4
    php php 5.0.2 -
    php php 5.1.6
    php php 5.2.0
    php php 5.2.1 -
    php php 5.2.3 -
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1 -
    php php 5.1.0 -
    php php 5.1.3
    php php 5.1.5 -
    php php 5.2.2 -
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    novell suse linux enterprise server 10
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    suse novell linux pos 9
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2007.1
    redhat rhel application stack 2
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    canonical ubuntu 8.04