DSA-1936 libgd2 -- several vulnerabilitiesID: oval:org.mitre.oval:def:8225 | Date: (C)2009-12-15 (M)2024-02-19 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: Kees Cook discovered a buffer overflow in libgd2"s font renderer. An attacker could cause denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution (etch). Tomas Hoger discovered a boundary error in the "_gdGetColors()" function. An attacker could conduct a buffer overflow or buffer over-read attacks via a crafted GD file.
Platform: |
Debian 5.0 |
Debian 4.0 |