CVE-2007-1178
Published 2007-03-02
Priority: P4 · 25 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 1.38% (68.6th percentile)
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| web-app.org | webapp | <= 0.9.9.4 | — |
No detection rules found.
Bugzilla
CVE-2007-0455 gd buffer overrun
bugzilla·2007-03-28·CVSS 7.5
CVE-2007-0455 [HIGH] CVE-2007-0455 gd buffer overrun
+++ This bug was initially created as a clone of Bug #224607 +++
Kees Cook from Ubuntu reported an "off-the-end-of-string increment", which could
theoretically lead to a buffer overflow.
This flaw would only be exploitable if a JIS-encoded font is used when
processing a special malicious string.
The issue here is that the NULL terminator is incremented, which could lead to
unknown results during the processing of the malicious string.
Index: gdft.c
RCS file: /repository/gd/libgd/gdft.c,v
retrieving revision 1.28
diff -u -p -r1.28 gdft.c
--- gdft.c 3 Jan 2007 21:21:21 -0000 1.28
+++ gdft.c 24 Jan 2007 23:00:55 -0000
@@ -1178,7 +1178,7 @@ fprintf(stderr,"dpi=%d,%d metric_res=%d
{
ch = c & 0xFF; /* don't extend sign */
}
- next++;
+ if (*next) next++;
}
bre
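Review bot: The guard added on the `+` line, `if (*next) next++;`, carries no comment, so nothing at that line says why this increment is conditional. Add a short comment there stating that `next` may already point at the string terminator and must not be advanced past it, which is the condition the report describes.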
Bugzilla
CVE-2007-0455 gd buffer overrun
bugzilla·2007-01-26·CVSS 7.5
CVE-2007-0455 [HIGH] CVE-2007-0455 gd buffer overrun
+++ This bug was initially created as a clone of Bug #224607 +++
Kees Cook from Ubuntu reported an "off-the-end-of-string increment", which could
theoretically lead to a buffer overflow.
This flaw would only be exploitable if a JIS-encoded font is used when
processing a special malicious string.
The issue here is that the NULL terminator is incremented, which could lead to
unknown results during the processing of the malicious string.
Index: gdft.c
RCS file: /repository/gd/libgd/gdft.c,v
retrieving revision 1.28
diff -u -p -r1.28 gdft.c
--- gdft.c 3 Jan 2007 21:21:21 -0000 1.28
+++ gdft.c 24 Jan 2007 23:00:55 -0000
@@ -1178,7 +1178,7 @@ fprintf(stderr,"dpi=%d,%d metric_res=%d
{
ch = c & 0xFF; /* don't extend sign */
}
- next++;
+ if (*next) next++;
}
bre
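Review bot: Style point on the `+` line: `if (*next) next++;` puts the condition and the statement on one line without braces, while the block directly above it in this hunk places `{` and `}` on their own lines. Match that layout so the guarded increment stands out from the surrounding statements.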
Bugzilla
CVE-2007-0455 gd: buffer overrun
bugzilla·2007-01-26·CVSS 7.5
CVE-2007-0455 [HIGH] CVE-2007-0455 gd: buffer overrun
Kees Cook from Ubuntu reported an "off-the-end-of-string increment", which could
theoretically lead to a buffer overflow.
This flaw would only be exploitable if a JIS-encoded font is used when
processing a special malicious string.
The issue here is that the NULL terminator is incremented, which could lead to
unknown results during the processing of the malicious string.
Index: gdft.c
RCS file: /repository/gd/libgd/gdft.c,v
retrieving revision 1.28
diff -u -p -r1.28 gdft.c
--- gdft.c 3 Jan 2007 21:21:21 -0000 1.28
+++ gdft.c 24 Jan 2007 23:00:55 -0000
@@ -1178,7 +1178,7 @@ fprintf(stderr,"dpi=%d,%d metric_res=%d
{
ch = c & 0xFF; /* don't extend sign */
}
- next++;
+ if (*next) next++;
}
break;
case gdFTEX_Big5:
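Review bot: Only the increment before `break;` is guarded, and the trailing context shows `case gdFTEX_Big5:` starting immediately after it, with its body outside the hunk. Check whether that case and the other cases of this switch advance `next` unconditionally in the same way, and apply the same `if (*next)` test there if they do.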
Discussion:
This flaw does not affect gd
http://osvdb.org/33279
http://osvdb.org/33282
http://secunia.com/advisories/24080
http://www.securityfocus.com/bid/22563
http://www.vupen.com/english/advisories/2007/0604
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250