[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3476Date: (C)2007-06-28   (M)2024-02-22


Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
2007-0024
http://www.securityfocus.com/archive/1/478796/100/0/threaded
BID-24651
SECUNIA-25860
SECUNIA-26272
SECUNIA-26390
SECUNIA-26415
SECUNIA-26467
SECUNIA-26663
SECUNIA-26766
SECUNIA-26856
SECUNIA-29157
SECUNIA-30168
SECUNIA-31168
OSVDB-37741
SECUNIA-42813
ADV-2011-0022
DSA-1613
FEDORA-2007-2055
FEDORA-2007-692
FEDORA-2010-19022
FEDORA-2010-19033
GLSA-200708-05
GLSA-200711-34
GLSA-200805-13
MDKSA-2007:153
MDKSA-2007:164
RHSA-2008:0146
SUSE-SR:2007:015
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
http://bugs.libgd.org/?do=details&task_id=87
http://www.libgd.org/ReleaseNote020035
https://bugzilla.redhat.com/show_bug.cgi?id=277421
https://issues.rpath.com/browse/RPL-1643
oval:org.mitre.oval:def:10348

CWE    1
CWE-189
OVAL    2
oval:org.mitre.oval:def:7842
oval:org.secpod.oval:def:700361

© SecPod Technologies