CVE-2007-0455 — Classic Buffer Overflow in Graphics Library Project GD Graphics Library

CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources

Severity

7.5HIGHNVD

EPSS

5.5%

top 9.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Debian Libgd2 GD Graphics Library Project GD Graphics Library +5 more

Timeline

PublishedJan 30

Latest updateMay 1

Description

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶NVDgd_graphics_library_project/gd_graphics_library2.0.33

▶NVDphp/php4.4.0 — 4.4.7

▶debiandebian/libgd2< libgd2 2.0.35.dfsg-1 (bookworm)

▶NVDredhat/enterprise_linux_server3.0, 4.0+1

▶NVDredhat/enterprise_linux_desktop3.0, 4.0+1

Also affects: Fedora 13, 14, Ubuntu Linux 6.06, 6.10, 7.04

🔴Vulnerability Details

GHSA

GHSA-v7pw-4467-76mh: Buffer overflow in the gdImageStringFTEx function in gdft↗2022-05-01

▶

OSV

CVE-2007-0455: Buffer overflow in the gdImageStringFTEx function in gdft↗2007-01-30

▶

📋Vendor Advisories

Ubuntu

libgd2 vulnerabilities↗2007-06-12

▶

Red Hat

gd: buffer overrun↗2007-01-26

▶

Debian

CVE-2007-0455: libgd2 - Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Libra...↗2007

▶

💬Community

Bugzilla

Embeds vulnerable version of gd prone to many CVEs↗2010-12-05

▶

Bugzilla

CVE-2007-0455 gd buffer overrun↗2007-03-28

▶

Bugzilla

CVE-2007-0455 gd buffer overrun↗2007-01-26

▶

Bugzilla

CVE-2007-0455 gd: buffer overrun↗2007-01-26

▶