Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3473NULL Pointer Dereference in GD Graphics Library

CWE-476NULL Pointer Dereference11 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
10.3%
top 6.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian Libgd2Libgd GD Graphics Library
Timeline
PublishedJun 28
Latest updateMay 3

Description

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

debiandebian/libgd2< libgd2 2.0.35.dfsg-1 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-6q4h-qfmx-rq72: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 22022-05-03
OSV
CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 22007-06-28

💥Exploits & PoCs

1
Exploit-DB
GD Graphics Library 2.0.34 - 'libgd' gdImageCreateXbm Function Unspecified Denial of Service2007-06-26

📋Vendor Advisories

2
Red Hat
libgd NULL pointer dereference when reading a corrupt X bitmap2007-06-21
Debian
CVE-2007-3473: libgd2 - The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 a...2007

💬Community

5
Bugzilla
Embeds vulnerable version of gd prone to many CVEs2010-12-05
Bugzilla
CVE-2007-3473 libgd NULL pointer dereference when reading a corrupt X bitmap2007-09-04
Bugzilla
CVE-2007-3472 libgd Integer overflow in TrueColor code2007-09-04
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]2007-09-04
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]2007-09-04
CVE-2007-3473 — NULL Pointer Dereference | cvebase