Description
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9Confidentiality: None
Integrity: None
Affected Packages2 packages
▶Debianlibgd2< 2.0.35.dfsg-1+3 🔴Vulnerability Details
3GHSAGHSA-f7gx-3pf8-q7f6: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft↗2022-05-01 OSVCVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft↗2007-06-28 CVEListCVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft↗2007-06-28 📋Vendor Advisories
2Red Hatlibgd Certain TTF handling routines are not reentrant↗2007-06-21 DebianCVE-2007-3478: libgd2 - Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graph...↗2007 💬Community
4BugzillaEmbeds vulnerable version of gd prone to many CVEs↗2010-12-05 BugzillaCVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]↗2007-09-04 BugzillaCVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]↗2007-09-04 BugzillaCVE-2007-3478 libgd Certain TTF handling routines are not reentrant↗2007-09-04