CVE-2007-3477 — GD Graphics Library vulnerability

CWE-39910 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

7.2%

top 8.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Racket Debian Libgd2 Debian Libwmf +2 more

Timeline

PublishedJun 28

Latest updateMay 3

Description

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDlibgd/gd_graphics_library2.0.35+3

▶debiandebian/libgd2< libgd2 2.0.35.dfsg-1 (bookworm)

▶debiandebian/libwmf< libgd2 2.0.35.dfsg-1 (bookworm)

▶debiandebian/racket< libgd2 2.0.35.dfsg-1 (bookworm)

▶Debianracket/racket< 5.0.2-1+3

Patches

Patch: ftp.slackware.com ↗Patch: www.libgd.org ↗Patch: ftp.slackware.com ↗

🔴Vulnerability Details

GHSA

GHSA-rw88-xg62-qv59: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2↗2022-05-03

▶

OSV

CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2↗2007-06-28

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2009-11-05

▶

Red Hat

gd: arc drawing functions can consume large amount of CPU time↗2007-06-21

▶

Debian

CVE-2007-3477: libgd2 - The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd)...↗2007

▶

💬Community

Bugzilla

Embeds vulnerable version of gd prone to many CVEs↗2010-12-05

▶

Bugzilla

CVE-2007-3477 gd: arc drawing functions can consume large amount of CPU time↗2007-09-04

▶

Bugzilla

CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]↗2007-09-04

▶

Bugzilla

CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]↗2007-09-04

▶