CVE-2006-4484
published 2006-08-31

Priority: P4 · 21 · low
CVSS 2.0: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
EPSS: 6.36% (92.8th percentile)

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Affected

86 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| debian | cups | < cups 1.3.7-1 (bookworm) | cups 1.3.7-1 (bookworm) |
| debian | libgd2 | < libgd2 2.0.33-5.1 (bookworm) | libgd2 2.0.33-5.1 (bookworm) |
| debian | libtk-img | < libtk-img 1:1.3-release-7 (bookworm) | libtk-img 1:1.3-release-7 (bookworm) |
| debian | netpbm-free | < netpbm-free 10.0-11.1 (bookworm) | netpbm-free 10.0-11.1 (bookworm) |
| debian | sdl-image1.2 | < sdl-image1.2 1.2.6-2 (bookworm) | sdl-image1.2 1.2.6-2 (bookworm) |
| debian | xloadimage | < libgd2 2.0.33-5.1 (bookworm) | libgd2 2.0.33-5.1 (bookworm) |
| easy_software_products | cups | | |
| netpbm | netpbm | <= 10.26 | |
| php | php | | |
| php | php | | |
| php | php | | |
| php | php | | |
| sdl | sdl_image | <= 1.2.6 | |
| tcl_tk | tcl_tk | <= 8.4.17 | |
| tcl_tk | tcl_tk | | |
| tcl_tk | tcl_tk | | |
| tcl_tk | tcl_tk | | |
| tcl_tk | tcl_tk | | |
| tcl_tk | tcl_tk | | |
| tcl_tk | tcl_tk | | |
| tcl_tk | tcl_tk | | |

CVSS provenance

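| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| osv | | 2.6 | LOW | |
| vendor_ubuntu | | 4.6 | MEDIUM | |
| vendor_debian | | 2.6 | MEDIUM | |
| vendor_redhat | | 2.6 | LOW | |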