CVE-2007-3476

CWE-18911 documents8 sources
Severity
4.3MEDIUM
EPSS
6.5%
top 8.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GD Graphics Library Gdlib
Timeline
PublishedJun 28
Latest updateMay 3

Description

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

Debianlibgd2< 2.0.35.dfsg-1+3
Debianracket< 5.0.2-1+3

Patches

Patch: www.libgd.orgPatch: www.libgd.org

🔴Vulnerability Details

3
GHSA
GHSA-3mpq-f59x-83gx: Array index error in gd_gif_in2022-05-03
OSV
CVE-2007-3476: Array index error in gd_gif_in2007-06-28
CVEList
CVE-2007-3476: Array index error in gd_gif_in2007-06-28

📋Vendor Advisories

3
Ubuntu
GD library vulnerabilities2009-11-05
Red Hat
libgd Denial of service by corrupted GIF images2007-06-21
Debian
CVE-2007-3476: libgd2 - Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.3...2007

💬Community

4
Bugzilla
Embeds vulnerable version of gd prone to many CVEs2010-12-05
Bugzilla
CVE-2007-3476 libgd Denial of service by corrupted GIF images2007-09-04
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]2007-09-04
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]2007-09-04
CVE-2007-3476 (MEDIUM CVSS 4.3) | Array index error in gd_gif_in.c in | cvebase.io