CVE-2007-3476
Published: 2007-06-28
Priority: P4, 14, medium; CVSS 2.0 score 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.46% (82.4th percentile)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| debian | libwmf | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| debian | racket | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| gd_graphics_library | gdlib | <= 2.0.34 | — |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
CVSS provenance
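| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |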
GHSA
GHSA-3mpq-f59x-83gx: Array index error in gd_gif_in
ghsa_unreviewed·2022-05-03
OSV
CVE-2007-3476: Array index error in gd_gif_in
osv·2007-06-28·CVSS 4.3
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2009-11-05·CVSS 4.3
Title: GD library vulnerabilities
Summary: GD library vulnerabilities
Tomas Hoger discovered that the GD library did not properly handle the
number of colors in certain malformed GD images. If a user or automated
system were tricked into processing a specially crafted GD image, an
attacker could cause a denial of service or possibly execute arbitrary
code. (CVE-2009-3546)
It was discovered that the GD library did not properly handle incorrect
color indexes. An attacker could send specially crafted input to
applications linked against libgd2 and cause a denial of service or
possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS.
(CVE-2009-3293)
It was discovered that the GD library did not properly handle certain
malformed GIF images. If a user or automated system wer
Red Hat
libgd Denial of service by corrupted GIF images
vendor_redhat·2007-06-21·CVSS 4.3
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3476
Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw.
Debian
CVE-2007-3476: libgd2 - Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.3...
vendor_debian·2007·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 2.0.35.dfsg-1)
bullseye: resolved (fixed in 2.0.35.dfsg-1)
forky: resolved (fixed in 2.0.35.dfsg-1)
sid: resolved (fixed in 2.0.35.dfsg-1)
trixie: resolved (fixed in 2.0.35.dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
Embeds vulnerable version of gd prone to many CVEs
bugzilla·2010-12-05·CVSS 7.5
Description of problem:
libwmf embeds an old version of gd (2.0.1beta) which has a number of vulnerabilities associated with it.
CVE-2007-0455 CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Cursory inspection of one of the patch diffs shows that no patches have been applied to libwmf.
Version-Release number of selected component (if applicable):
Name: libwmf
Version: 0.2.8.4
Release: 26.fc14
Additional info:
Ideally, the system wide gd library could be used instead of the embedded copy. This would prevent future issues like this from happening.
Discussion:
The reason libgd was ever embedded is because the original version back then didn't have a clipping mechanism. The new one does,
Bugzilla
CVE-2007-3476 libgd Denial of service by corrupted GIF images
bugzilla·2007-09-04·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3476 to the following vulnerability:
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
References:
http://www.libgd.org/ReleaseNote020035
http://bugs.libgd.org/?do=details&task_id=87
http://bugs.php.net/bug.php?id=41630
Discussion:
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.16&r2=1.17
---
Same patch as above, but directly in libgd CVS repo:
http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd_gif_in.c?r1=1.8&r2=1.9
---
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]
bugzilla·2007-09-04·CVSS 4.3
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fixed in gd-2.0.35-1.fc6.
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]
bugzilla·2007-09-04·CVSS 4.3
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
gd-2.0.35-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Published: 2007-06-28