CVE-2007-3472
Published: 2007-06-28
Priority: P420 medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS: 7.32% (93.6th percentile)
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| libgd | gd_graphics_library | <= 2.0.35 | — |
| libgd | gd_graphics_library | — | — |
| libgd | gd_graphics_library | — | — |
| libgd | gd_graphics_library | — | — |
CVSS provenance
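| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |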
GHSA
GHSA-4q72-m435-qg7x · CVE-2007-3472 [MEDIUM] · ghsa_unreviewed · 2022-05-03
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
OSV
CVE-2007-3472 [MEDIUM] · osv · 2007-06-28 · CVSS 4.3
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
Red Hat
CVE-2007-3472 [MEDIUM] CWE-190: libgd Integer overflow in TrueColor code
vendor_redhat · 2007-06-21 · CVSS 4.3
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates to libwmf on Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: libwmf (Red Hat Enterprise Linux 4) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 5) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2007-3472 [MEDIUM] · libgd2 · vendor_debian · 2007 · CVSS 4.3
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
Scope: local
bookworm: resolved (fixed in 2.0.35.dfsg-1)
bullseye: resolved (fixed in 2.0.35.dfsg-1)
forky: resolved (fixed in 2.0.35.dfsg-1)
sid: resolved (fixed in 2.0.35.dfsg-1)
trixie: resolved (fixed in 2.0.35.dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-0455 [HIGH]: Embeds vulnerable version of gd prone to many CVEs
bugzilla · 2010-12-05 · CVSS 7.5
Description of problem:
libwmf embeds an old version of gd (2.0.1beta) which has a number of vulnerabilities associated with it.
CVE-2007-0455 CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Cursory inspection of one of the patch diffs shows that no patches have been applied to libwmf.
Version-Release number of selected component (if applicable):
Name: libwmf
Version: 0.2.8.4
Release: 26.fc14
Additional info:
Ideally, the system wide gd library could be used instead of the embedded copy. This would prevent future issues like this from happening.
Discussion:
The reason libgd was ever embedded is that the original version back then didn't have a clipping mechanism. The new one does,
Bugzilla
CVE-2007-3473 [MEDIUM]: libgd NULL pointer dereference when reading a corrupt X bitmap
bugzilla · 2007-09-04 · CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3473 to the following vulnerability:
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
References:
http://bugs.libgd.org/?do=details&task_id=94
http://www.libgd.org/ReleaseNote020035
http://news.php.net/php.gd.cvs/235
Discussion:
On failure, gdImageCreate() returns NULL which is in turn dereferenced by
gdImageCreateFromXbm() (gdImageCreateXbm doesn't exist at all).
---
http://news.php.net/php.gd.cvs/235
---
Upstream commit:
http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd.c?r1=1
Bugzilla
CVE-2007-3472 [MEDIUM]: libgd Integer overflow in TrueColor code
bugzilla · 2007-09-04 · CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3472 to the following vulnerability:
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
References:
http://bugs.libgd.org/?do=details&task_id=89
Discussion:
This just leads to an unsuccessful attempt to allocate a huge amount of memory and a
NULL dereference in turn. Just a crash.
---
(In reply to comment #1)
> This just leads to an unsuccessful attempt to allocate a huge amount of memory
> and a NULL dereference in turn. Just a crash.
What you refer to here is more likely:
http://bugs.libgd.org/?do=details&task_id=14
http://cvs.php.net/vie
Bugzilla
CVE-2007-3472 [MEDIUM]: CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]
bugzilla · 2007-09-04 · CVSS 4.3
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fixed in gd-2.0.35-1.fc6.
Bugzilla
CVE-2007-3472 [MEDIUM]: CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]
bugzilla · 2007-09-04 · CVSS 4.3
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
gd-2.0.35-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.