CVE-2007-3996: Improper Restriction of Operations within the Bounds of a Memory Buffer in PHP

Severity
7.5 HIGH (NVD)
NVD: 6.8 | OSV: 6.8
EPSS
9.6%
top 7.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 4
Latest update: May 1

Description

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (5 packages)

debian | debian/libgd2 | < libgd2 2.0.35.dfsg-1 (bookworm)
NVD | php/php | 4.0.0 4.4.8 +2
debian | debian/libwmf | < libgd2 2.0.35.dfsg-1 (bookworm)
debian | debian/racket | < libgd2 2.0.35.dfsg-1 (bookworm)
Debian | racket/racket | < 5.0.2-1 +3

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-43ww-xqjh-ppmf: Multiple integer overflows in PHP 4 before 4 | 2022-05-01
GHSA | GHSA-8378-c84x-wpqv: Multiple integer overflows in libgd in PHP before 5 | 2022-05-01
OSV | CVE-2007-3996: Multiple integer overflows in libgd in PHP before 5 | 2007-09-04

📋 Vendor Advisories (5)

Ubuntu | PHP vulnerabilities | 2009-02-12
Ubuntu | GD library vulnerability | 2007-12-18
Red Hat | php multiple integer overflows in gd | 2007-08-30
Debian | CVE-2007-3996: libgd2 - Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers t... | 2007
Red Hat | php integer overflow in strspn/strcspn

💬 Community (2)

Bugzilla | CVE-2007-3996 php multiple integer overflows in gd | 2007-09-05
Bugzilla | CVE-2007-3472 libgd Integer overflow in TrueColor code | 2007-09-04