CVE-2006-4484
published 2006-08-31CVE-2006-4484: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown…
PriorityP421low2.6CVSS 2.0
AVNACHAuNCNINAP
EPSS
6.36%
92.8th percentile
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Affected
86 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| apple | cups | >= 0 < 1.3.7-1 | 1.3.7-1 |
| debian | cups | < cups 1.3.7-1 (bookworm) | cups 1.3.7-1 (bookworm) |
| debian | libgd2 | < libgd2 2.0.33-5.1 (bookworm) | libgd2 2.0.33-5.1 (bookworm) |
| debian | libtk-img | < libtk-img 1:1.3-release-7 (bookworm) | libtk-img 1:1.3-release-7 (bookworm) |
| debian | netpbm-free | < netpbm-free 10.0-11.1 (bookworm) | netpbm-free 10.0-11.1 (bookworm) |
| debian | sdl-image1.2 | < sdl-image1.2 1.2.6-2 (bookworm) | sdl-image1.2 1.2.6-2 (bookworm) |
| debian | xloadimage | < libgd2 2.0.33-5.1 (bookworm) | libgd2 2.0.33-5.1 (bookworm) |
| easy_software_products | cups | — | — |
| netpbm | netpbm | <= 10.26 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| sdl | sdl_image | <= 1.2.6 | — |
| tcl_tk | tcl_tk | <= 8.4.17 | — |
| tcl_tk | tcl_tk | — | — |
| tcl_tk | tcl_tk | — | — |
| tcl_tk | tcl_tk | — | — |
| tcl_tk | tcl_tk | — | — |
| tcl_tk | tcl_tk | — | — |
| tcl_tk | tcl_tk | — | — |
| tcl_tk | tcl_tk | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:N/A:P
osv2.6LOW
vendor_ubuntu4.6MEDIUM
vendor_debian2.6MEDIUM
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6xv8-25r4-5mrf: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in
ghsa_unreviewed·2022-05-03
CVE-2006-4484 [LOW] GHSA-6xv8-25r4-5mrf: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
GHSA
GHSA-q3qj-hhm6-3g3m: Buffer overflow in the readImageData function in giftopnm
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2008-0554 [LOW] CWE-119 GHSA-q3qj-hhm6-3g3m: Buffer overflow in the readImageData function in giftopnm
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
GHSA
GHSA-r8gv-4rq7-chfp: Buffer overflow in the LWZReadByte function in IMG_gif
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2007-6697 [LOW] CWE-119 GHSA-r8gv-4rq7-chfp: Buffer overflow in the LWZReadByte function in IMG_gif
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-4gx2-wfcv-mvp8: Buffer overflow in the gif_read_lzw function in CUPS 1
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2008-1373 [LOW] CWE-119 GHSA-4gx2-wfcv-mvp8: Buffer overflow in the gif_read_lzw function in CUPS 1
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
GHSA
GHSA-w2px-74cm-hrpr: Stack-based buffer overflow in the ReadImage function in tkImgGIF
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2008-0553 [LOW] CWE-119 GHSA-w2px-74cm-hrpr: Stack-based buffer overflow in the ReadImage function in tkImgGIF
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
OSV
CVE-2008-1373: Buffer overflow in the gif_read_lzw function in CUPS 1
osv·2008-04-04·CVSS 2.6
CVE-2008-1373 [LOW] CVE-2008-1373: Buffer overflow in the gif_read_lzw function in CUPS 1
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
OSV
CVE-2008-0554: Buffer overflow in the readImageData function in giftopnm
osv·2008-02-08·CVSS 2.6
CVE-2008-0554 [LOW] CVE-2008-0554: Buffer overflow in the readImageData function in giftopnm
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
OSV
CVE-2008-0553: Stack-based buffer overflow in the ReadImage function in tkImgGIF
osv·2008-02-07·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553: Stack-based buffer overflow in the ReadImage function in tkImgGIF
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
OSV
CVE-2007-6697: Buffer overflow in the LWZReadByte function in IMG_gif
osv·2008-02-01·CVSS 2.6
CVE-2007-6697 [LOW] CVE-2007-6697: Buffer overflow in the LWZReadByte function in IMG_gif
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
OSV
CVE-2006-4484: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in
osv·2006-08-31·CVSS 2.6
CVE-2006-4484 [LOW] CVE-2006-4484: Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Red Hat
cups: overflow in gif image filter
vendor_redhat·2008-04-01·CVSS 2.6
CVE-2008-1373 [LOW] cups: overflow in gif image filter
cups: overflow in gif image filter
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Red Hat
tk: GIF handling buffer overflow
vendor_redhat·2008-02-01·CVSS 2.6
CVE-2008-0553 [LOW] tk: GIF handling buffer overflow
tk: GIF handling buffer overflow
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Red Hat
netpbm: GIF handling buffer overflow in giftopnm
vendor_redhat·2008-02-01·CVSS 2.6
CVE-2008-0554 [LOW] netpbm: GIF handling buffer overflow in giftopnm
netpbm: GIF handling buffer overflow in giftopnm
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Red Hat
SDL_image: GIF handling buffer overflow
vendor_redhat·2008-01-23·CVSS 2.6
CVE-2007-6697 [LOW] SDL_image: GIF handling buffer overflow
SDL_image: GIF handling buffer overflow
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
Debian
CVE-2008-1373: cups - Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attacke...
vendor_debian·2008·CVSS 2.6
CVE-2008-1373 [LOW] CVE-2008-1373: cups - Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attacke...
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Scope: local
bookworm: resolved (fixed in 1.3.7-1)
bullseye: resolved (fixed in 1.3.7-1)
forky: resolved (fixed in 1.3.7-1)
sid: resolved (fixed in 1.3.7-1)
trixie: resolved (fixed in 1.3.7-1)
Debian
CVE-2008-0553: libtk-img - Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/T...
vendor_debian·2008·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553: libtk-img - Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/T...
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Scope: local
bookworm: resolved (fixed in 1:1.3-release-7)
bullseye: resolved (fixed in 1:1.3-release-7)
forky: resolved (fixed in 1:1.3-release-7)
sid: resolved (fixed in 1:1.3-release-7)
trixie: resolved (fixed in 1:1.3-release-7)
Debian
CVE-2008-0554: netpbm-free - Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10....
vendor_debian·2008·CVSS 2.6
CVE-2008-0554 [LOW] CVE-2008-0554: netpbm-free - Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10....
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Scope: local
bookworm: resolved (fixed in 10.0-11.1)
bullseye: resolved (fixed in 10.0-11.1)
forky: resolved (fixed in 10.0-11.1)
sid: resolved (fixed in 10.0-11.1)
trixie: resolved (fixed in 10.0-11.1)
Debian
CVE-2007-6697: sdl-image1.2 - Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2...
vendor_debian·2007·CVSS 2.6
CVE-2007-6697 [LOW] CVE-2007-6697: sdl-image1.2 - Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2...
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 1.2.6-2)
bullseye: resolved (fixed in 1.2.6-2)
forky: resolved (fixed in 1.2.6-2)
sid: resolved (fixed in 1.2.6-2)
trixie: resolved (fixed in 1.2.6-2)
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2006-09-07·CVSS 4.6
CVE-2006-4020 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: PHP vulnerabilities
The sscanf() function did not properly check array boundaries. In
applications which use sscanf() with argument swapping, a remote attacker
could potentially exploit this to crash the affected web application
or even execute arbitrary code with the application's privileges.
(CVE-2006-4020)
The file_exists() and imap_reopen() functions did not perform
proper open_basedir and safe_mode checks which could allow local
scripts to bypass intended restrictions. (CVE-2006-4481)
On 64 bit systems the str_repeat() and wordwrap() functions did not
properly check buffer boundaries. Depending on the application, this
could potentially be exploited to execute arbitrary code with the
applications' privileges. This only affects the amd64 and spar
Red Hat
gd: GIF handling buffer overflow
vendor_redhat·2006-07-16·CVSS 2.6
CVE-2006-4484 [LOW] gd: GIF handling buffer overflow
gd: GIF handling buffer overflow
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Debian
CVE-2006-4484: libgd2 - Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the ...
vendor_debian·2006·CVSS 2.6
CVE-2006-4484 [LOW] CVE-2006-4484: libgd2 - Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the ...
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Scope: local
bookworm: resolved (fixed in 2.0.33-5.1)
bullseye: resolved (fixed in 2.0.33-5.1)
forky: resolved (fixed in 2.0.33-5.1)
sid: resolved (fixed in 2.0.33-5.1)
trixie: resolved (fixed in 2.0.33-5.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
bugzilla·2011-08-03·CVSS 9.3
CVE-2011-2896 [CRITICAL] CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
GIF image file format readers in various open source projects are based on the GIF decoder implementation written by David Koblas. This implementation contains a bug in the LZW decompressor, causing it to in correctly handle compressed streams that contain code words that were not yet added to the decompression table. LZW decompression has a special case (a KwKwK string) when code word may match the first free entry in the decompression table. The implementation used in this GIF reading code allows code words not only matching, but also exceeding the first free entry.
This problem is identical to a bug found in BSD compress (CVE-2011-2895, bug #727624), but given the unclear relationship between BSD compress and GIF deco
Bugzilla
CVE-2011-2897 gdk-pixbuf: GIF loader buffer overflow when initializing decompression tables
bugzilla·2011-08-01·CVSS 2.6
CVE-2011-2897 [LOW] CVE-2011-2897 gdk-pixbuf: GIF loader buffer overflow when initializing decompression tables
CVE-2011-2897 gdk-pixbuf: GIF loader buffer overflow when initializing decompression tables
GDK's GIF image reader is based on David Koblas' code that is also used in several other GIF image readers. This code contained an input validation flaw. Input code size was read from input GIF file and used to initialize decoding tables without checking the value, leading to buffer overflow. Relevant GDK code is:
941 static int
942 gif_prepare_lzw (GifContext *context)
943 {
...
946 if (!gif_read (context, &(context->lzw_set_code_size), 1)) {
947 /*g_message (_("GIF: EOF / read error on image data\n"));*/
948 return -1;
949 }
...
952 context->lzw_clear_code = 1 lzw_set_code_size;
...
962 for (i = 0; i lzw_clear_code; ++i) {
963 context->lzw_table[0][i] = 0;
964 context->lzw_table[1][i] = i;
965 }
Bugzilla
CVE-2008-1373 cups: overflow in gif image filter
bugzilla·2008-03-20·CVSS 2.6
CVE-2008-1373 [LOW] CVE-2008-1373 cups: overflow in gif image filter
CVE-2008-1373 cups: overflow in gif image filter
It was discovered that GIF parsing code used by CUPS printing system is affected
by similar issue as GIF parsers used by gd / netpbm / tk / SDL_image.
Value of code_size read from GIF image is not properly validate before being
used to initialize table array in gif_read_lzw(), causing a static buffer overflow.
Issue is similar to:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0553 (tk), CVE-2008-0554
(netpbm)
Discussion:
Created attachment 298680
Proposed patch
Similar to fixed used in gd / tk / netpbm / SDL_image.
---
Tracked upstream via: http://www.cups.org/str.php?L2765
---
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
---
cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If probl
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow
CVE-2008-0553 tk: GIF handling buffer overflow
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
Discussion:
perl-Tk uses embedded copy of tk source code and is affected by this problem
too. Adding perl-Tk maintainers t
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
+++ This bug was initially created as a clone of Bug #431518 +++
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
-- Additional comment from [email protected] on
Bugzilla
CVE-2006-4484 gd: GIF handling buffer overflow
bugzilla·2008-02-05·CVSS 2.6
CVE-2006-4484 [LOW] CVE-2006-4484 gd: GIF handling buffer overflow
CVE-2006-4484 gd: GIF handling buffer overflow
Common Vulnerabilities and Exposures assigned an identifier CVE-2006-4484 to the following vulnerability:
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
References:
http://bugs.php.net/bug.php?id=38112
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11
http://www.php.net/ChangeLog-5.php#5.1.5
Discussion:
This issue was addressed in php packages in following advisories:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2006-0669.html
Red Hat Application Stack:
htt
Bugzilla
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0554 [LOW] CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
GIF handling code used in netpbm's giftopnm converter is based on the same code
as used by gd and SDL_image and is affected by the overflow known as
CVE-2006-4484 and CVE-2007-6697.
readImageData function in giftopnm.c does not properly check the value of
lzwMinCodeSize value read from GIF image before passing it to lzwInit, which
uses it as upper bound during the initialization of fixed sized table array,
leading to a buffer overflow.
This issue was fixed in upstream version 10.27. Code checking the value is in
the initial giftopnm.c revision in projects public SVN repository:
http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/converter/other/giftopnm.c?revision=1&view=markup#l_1052
This issue does not affect netpbm pa
Bugzilla
CVE-2007-6697 SDL_image: GIF handling buffer overflow
bugzilla·2008-01-24·CVSS 2.6
CVE-2007-6697 [LOW] CVE-2007-6697 SDL_image: GIF handling buffer overflow
CVE-2007-6697 SDL_image: GIF handling buffer overflow
Input validation flaw was discovered in the SDL_image image handling library.
Value read from the Gif file is not properly validated against the buffer size
and can cause a buffer overflow.
More details about this issue can be found here:
http://marc.info/?l=bugtraq&m=120110205511630&w=4
Advisory states new upstream version 1.2.7 should be released soon addressing
this flaw.
Relevant upstream SVN commit seems to be:
http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=3462&r2=3461&pathrev=3462
Discussion:
Created attachment 292800
Reproducer from the advisory
---
This seems to be the same issue as CVE-2006-4484 (reported for gd embedded in
php sources back in 2006):
Buffer overflow in the LWZReadByte_ function in
Bugzilla
CVE-2006-4020 PHP security issues (CVE-2006-4482 CVE-2006-4484 CVE-2006-4485 CVE-2006-4486)
bugzilla·2006-09-19·CVSS 4.6
CVE-2006-4020 [MEDIUM] CVE-2006-4020 PHP security issues (CVE-2006-4482 CVE-2006-4484 CVE-2006-4485 CVE-2006-4486)
CVE-2006-4020 PHP security issues (CVE-2006-4482 CVE-2006-4484 CVE-2006-4485 CVE-2006-4486)
Description of problem:
The following issues affect the PHP package:
CVE-2006-4486 PHP integer overflows in Zend
CVE-2006-4485 PHP buffer overread in str_ipos
CVE-2006-4482 PHP heap overflow in wordwrap/str_repeat
CVE-2006-4020 PHP sscanf buffer overflow
CVE-2006-4484 PHP heap overflow in LWZReadByte
Version-Release number of selected component (if applicable):
php-5.1.4-1.el4s1.2
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solutio
Bugzilla
CVE-2006-4484 PHP heap overflow in LWZReadByte
bugzilla·2006-09-18·CVSS 2.6
CVE-2006-4484 [LOW] CVE-2006-4484 PHP heap overflow in LWZReadByte
CVE-2006-4484 PHP heap overflow in LWZReadByte
PHP GIF heap overflow.
Heap buffer overflow in the GD extension, in the LWZReadByte() function,
triggered by invalid GIF files.
http://bugs.php.net/bug.php?id=38112
http://www.php.net/release_5_1_5.php
This issue also affects RHEL3
This issue does not affect RHEL2.1 (GIF support not present)
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0669.html
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.aschttp://bugs.php.net/bug.php?id=38112http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=loghttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0688.htmlhttp://secunia.com/advisories/21546http://secunia.com/advisories/21768http://secunia.com/advisories/21842http://secunia.com/advisories/22039http://secunia.com/advisories/22069http://secunia.com/advisories/22225http://secunia.com/advisories/22440http://secunia.com/advisories/22487http://secunia.com/advisories/22538http://secunia.com/advisories/28768http://secunia.com/advisories/28838http://secunia.com/advisories/28845http://secunia.com/advisories/28866http://secunia.com/advisories/28959http://secunia.com/advisories/29157http://secunia.com/advisories/29242http://secunia.com/advisories/29546http://secunia.com/advisories/30717http://securitytracker.com/id?1016984http://support.avaya.com/elmodocs2/security/ASA-2006-222.htmhttp://support.avaya.com/elmodocs2/security/ASA-2006-223.htmhttp://wiki.rpath.com/Advisories:rPSA-2008-0046http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046http://www.mandriva.com/security/advisories?name=MDKSA-2006:162http://www.mandriva.com/security/advisories?name=MDVSA-2008:038http://www.mandriva.com/security/advisories?name=MDVSA-2008:077http://www.novell.com/linux/security/advisories/2006_52_php.htmlhttp://www.novell.com/linux/security/advisories/2008_13_sr.htmlhttp://www.php.net/ChangeLog-5.php#5.1.5http://www.php.net/release_5_1_5.phphttp://www.redhat.com/support/errata/RHSA-2008-0146.htmlhttp://www.securityfocus.com/archive/1/447866/100/0/threadedhttp://www.securityfocus.com/archive/1/487683/100/0/threadedhttp://www.securityfocus.com/archive/1/488008/100/0/threadedhttp://www.securityfocus.com/bid/19582http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://www.ubuntu.com/usn/usn-342-1http://www.vupen.com/english/advisories/2006/3318https://bugzilla.redhat.com/show_bug.cgi?id=431568https://issues.rpath.com/browse/RPL-2218https://issues.rpath.com/browse/RPL-683https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.htmlftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.aschttp://bugs.php.net/bug.php?id=38112http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=loghttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0688.htmlhttp://secunia.com/advisories/21546http://secunia.com/advisories/21768http://secunia.com/advisories/21842http://secunia.com/advisories/22039http://secunia.com/advisories/22069http://secunia.com/advisories/22225http://secunia.com/advisories/22440http://secunia.com/advisories/22487http://secunia.com/advisories/22538http://secunia.com/advisories/28768http://secunia.com/advisories/28838http://secunia.com/advisories/28845http://secunia.com/advisories/28866http://secunia.com/advisories/28959http://secunia.com/advisories/29157http://secunia.com/advisories/29242http://secunia.com/advisories/29546http://secunia.com/advisories/30717http://securitytracker.com/id?1016984http://support.avaya.com/elmodocs2/security/ASA-2006-222.htmhttp://support.avaya.com/elmodocs2/security/ASA-2006-223.htmhttp://wiki.rpath.com/Advisories:rPSA-2008-0046http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046http://www.mandriva.com/security/advisories?name=MDKSA-2006:162http://www.mandriva.com/security/advisories?name=MDVSA-2008:038http://www.mandriva.com/security/advisories?name=MDVSA-2008:077http://www.novell.com/linux/security/advisories/2006_52_php.htmlhttp://www.novell.com/linux/security/advisories/2008_13_sr.htmlhttp://www.php.net/ChangeLog-5.php#5.1.5http://www.php.net/release_5_1_5.phphttp://www.redhat.com/support/errata/RHSA-2008-0146.htmlhttp://www.securityfocus.com/archive/1/447866/100/0/threadedhttp://www.securityfocus.com/archive/1/487683/100/0/threadedhttp://www.securityfocus.com/archive/1/488008/100/0/threadedhttp://www.securityfocus.com/bid/19582http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://www.ubuntu.com/usn/usn-342-1http://www.vupen.com/english/advisories/2006/3318https://bugzilla.redhat.com/show_bug.cgi?id=431568https://issues.rpath.com/browse/RPL-2218https://issues.rpath.com/browse/RPL-683https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html
2006-08-31
Published