CVE-2007-3477
Published 2007-06-28
CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption)…
Priority P4 · 19 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
4.86%
90.9th percentile
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| debian | libwmf | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| debian | racket | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| libgd | gd_graphics_library | <= 2.0.35 | — |
| libgd | gd_graphics_library | — | — |
| libgd | gd_graphics_library | — | — |
| libgd | gd_graphics_library | — | — |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
| racket | racket | >= 0 < 5.0.2-1 | 5.0.2-1 |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · LOW
vendor_redhat · 5.0 · MEDIUM
vendor_ubuntu · 4.3 · MEDIUM
GHSA
GHSA-rw88-xg62-qv59: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2
ghsa_unreviewed·2022-05-03
CVE-2007-3477 [MEDIUM] GHSA-rw88-xg62-qv59: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
OSV
CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2
osv·2007-06-28·CVSS 5.0
CVE-2007-3477 [MEDIUM] CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2009-11-05·CVSS 4.3
CVE-2007-3476 [MEDIUM] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: GD library vulnerabilities
Tomas Hoger discovered that the GD library did not properly handle the
number of colors in certain malformed GD images. If a user or automated
system were tricked into processing a specially crafted GD image, an
attacker could cause a denial of service or possibly execute arbitrary
code. (CVE-2009-3546)
It was discovered that the GD library did not properly handle incorrect
color indexes. An attacker could send specially crafted input to
applications linked against libgd2 and cause a denial of service or
possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS.
(CVE-2009-3293)
It was discovered that the GD library did not properly handle certain
malformed GIF images. If a user or automated system wer
Red Hat
gd: arc drawing functions can consume large amount of CPU time
vendor_redhat·2007-06-21·CVSS 5.0
CVE-2007-3477 [MEDIUM] gd: arc drawing functions can consume large amount of CPU time
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
Statement: Due to the minimal impact of this flaw (temporary DoS by high CPU usage) and low likelihood of this problem being exposed in a way that would allow trust boundary crossing, we currently do not plan to backport a fix for this issue to the versions of gd as shipped in Red Hat Enterprise Linux 2.1, 3, 4 or 5.
Package: libwmf (Red Hat Enterprise Linux 4) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 5) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2007-3477: libgd2 - The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd)...
vendor_debian·2007·CVSS 5.0
CVE-2007-3477 [MEDIUM] CVE-2007-3477: libgd2 - The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd)...
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
Scope: local
bookworm: resolved (fixed in 2.0.35.dfsg-1)
bullseye: resolved (fixed in 2.0.35.dfsg-1)
forky: resolved (fixed in 2.0.35.dfsg-1)
sid: resolved (fixed in 2.0.35.dfsg-1)
trixie: resolved (fixed in 2.0.35.dfsg-1)
Suricata
ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1517 [HIGH] ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id DELETE"; flow:established,to_server; http.uri; content:"/comments.php?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1517; reference:url,www.milw0rm.com/exploits/3477; classtype:web-application-attack; sid:2004256; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190
Suricata
ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1517 [HIGH] ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UNION SELECT"; flow:established,to_server; http.uri; content:"/comments.php?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1517; reference:url,www.milw0rm.com/exploits/3477; classtype:web-application-attack; sid:2004254; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name I
Suricata
ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1517 [HIGH] ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id INSERT"; flow:established,to_server; http.uri; content:"/comments.php?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-1517; reference:url,www.milw0rm.com/exploits/3477; classtype:web-application-attack; sid:2004255; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190
Suricata
ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1517 [HIGH] ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UPDATE"; flow:established,to_server; http.uri; content:"/comments.php?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1517; reference:url,www.milw0rm.com/exploits/3477; classtype:web-application-attack; sid:2004258; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1517 [HIGH] ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id SELECT"; flow:established,to_server; http.uri; content:"/comments.php?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1517; reference:url,www.milw0rm.com/exploits/3477; classtype:web-application-attack; sid:2004253; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190
Suricata
ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-1517 [HIGH] ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id ASCII"; flow:established,to_server; http.uri; content:"/comments.php?"; nocase; content:"id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1517; reference:url,www.milw0rm.com/exploits/3477; classtype:web-application-attack; sid:2004257; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190
No public exploits indexed.
Bugzilla
Embeds vulnerable version of gd prone to many CVEs
bugzilla·2010-12-05·CVSS 7.5
CVE-2007-0455 [HIGH] Embeds vulnerable version of gd prone to many CVEs
Description of problem:
libwmf embeds an old version of gd (2.0.1beta) which has a number of vulnerabilities associated with it.
CVE-2007-0455 CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Cursory inspection of one of the patch diffs shows that no patches have been applied to libwmf.
Version-Release number of selected component (if applicable):
Name: libwmf
Version: 0.2.8.4
Release: 26.fc14
Additional info:
Ideally, the system wide gd library could be used instead of the embedded copy. This would prevent future issues like this from happening.
Discussion:
The reason libgd was ever embedded was because the original version back then didn't have a clipping mechanism. The new one does,
Bugzilla
CVE-2007-3477 gd: arc drawing functions can consume large amount of CPU time
bugzilla·2007-09-04·CVSS 5.0
CVE-2007-3477 [MEDIUM] CVE-2007-3477 gd: arc drawing functions can consume large amount of CPU time
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3477 to the following vulnerability:
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
References:
http://www.libgd.org/ReleaseNote020035
http://bugs.libgd.org/?do=details&task_id=74
http://bugs.libgd.org/?do=details&task_id=92
Discussion:
Original fix:
http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd.c?r1=1.53&r2=1.54
and additional enhancement to fix regression introduced by the original fix:
http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd.c?r1=1.58&r2=1.59
---
Due to minimal im
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]
bugzilla·2007-09-04·CVSS 4.3
CVE-2007-3472 [MEDIUM] CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fixed in gd-2.0.35-1.fc6.
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]
bugzilla·2007-09-04·CVSS 4.3
CVE-2007-3472 [MEDIUM] CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
gd-2.0.35-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
2007-06-28
Published