CVE-2007-3478
published 2007-06-28
CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to…
Priority: P413 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 1.72% (74.6th percentile)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.0.35.dfsg-1 (bookworm) | libgd2 2.0.35.dfsg-1 (bookworm) |
| gd_graphics_library | gdlib | <= 2.0.34 | — |
CVSS provenance
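| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |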
GHSA
GHSA-f7gx-3pf8-q7f6: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft
ghsa_unreviewed·2022-05-01
CVE-2007-3478 [MEDIUM] CWE-362 GHSA-f7gx-3pf8-q7f6: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft
OSV
CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft
osv·2007-06-28·CVSS 4.3
CVE-2007-3478 [MEDIUM] CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft
Red Hat
libgd Certain TTF handling routines are not reentrant
vendor_redhat·2007-06-21·CVSS 4.3
CVE-2007-3478 [MEDIUM] libgd Certain TTF handling routines are not reentrant
Statement: We currently do not plan to backport a fix for this issue to gd packages in current versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed.
Debian
CVE-2007-3478: libgd2 - Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graph...
vendor_debian·2007·CVSS 4.3
CVE-2007-3478 [MEDIUM] CVE-2007-3478: libgd2 - Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graph...
Scope: local
bookworm: resolved (fixed in 2.0.35.dfsg-1)
bullseye: resolved (fixed in 2.0.35.dfsg-1)
forky: resolved (fixed in 2.0.35.dfsg-1)
sid: resolved (fixed in 2.0.35.dfsg-1)
trixie: resolved (fixed in 2.0.35.dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
Embeds vulnerable version of gd prone to many CVEs
bugzilla·2010-12-05·CVSS 7.5
CVE-2007-0455 [HIGH] Embeds vulnerable version of gd prone to many CVEs
Description of problem:
libwmf embeds an old version of gd (2.0.1beta) which has a number of vulnerabilities associated with it.
CVE-2007-0455 CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Cursory inspection of one of the patch diffs shows that no patches have been applied to libwmf.
Version-Release number of selected component (if applicable):
Name: libwmf
Version: 0.2.8.4
Release: 26.fc14
Additional info:
Ideally, the system wide gd library could be used instead of the embedded copy. This would prevent future issues like this from happening.
Discussion:
The reason libgd was ever embedded is because the original version back then didn't have a clipping mechanism. The new one does,
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]
bugzilla·2007-09-04·CVSS 4.3
CVE-2007-3472 [MEDIUM] CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fixed in gd-2.0.35-1.fc6.
Bugzilla
CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]
bugzilla·2007-09-04·CVSS 4.3
CVE-2007-3472 [MEDIUM] CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478 gd various flaws [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
gd-2.0.35-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-3478 libgd Certain TTF handling routines are not reentrant
bugzilla·2007-09-04·CVSS 4.3
CVE-2007-3478 [MEDIUM] CVE-2007-3478 libgd Certain TTF handling routines are not reentrant
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3478 to the following vulnerability:
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
References:
http://bugs.php.net/bug.php?id=40578
http://bugs.libgd.org/?do=details&task_id=48
Discussion:
Triggering the crash is dependent on a time-dependent race condition.
---
Only seems relevant for multi-threaded applications.
Upstream commits referring to mentioned gd bug:
http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gdft.c?r1=1.30&r2=1.32
---
W
Published: 2007-06-28