CVE-2008-4484
published 2008-10-08CVE-2008-4484: main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via…
PriorityP338medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.57%
83.2th percentile
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crux_software | gallery | <= 1.32 | — |
| crux_software | gallery | — | — |
| crux_software | gallery | — | — |
| crux_software | gallery | — | — |
| crux_software | gallery | — | — |
| crux_software | gallery | — | — |
| crux_software | gallery | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat2.6LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rrjm-whcf-6m77: main
ghsa_unreviewed·2022-05-02
CVE-2008-4484 [MEDIUM] GHSA-rrjm-whcf-6m77: main
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
Red Hat
cups: overflow in gif image filter
vendor_redhat·2008-04-01·CVSS 2.6
CVE-2008-1373 [LOW] cups: overflow in gif image filter
cups: overflow in gif image filter
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Red Hat
netpbm: GIF handling buffer overflow in giftopnm
vendor_redhat·2008-02-01·CVSS 2.6
CVE-2008-0554 [LOW] netpbm: GIF handling buffer overflow in giftopnm
netpbm: GIF handling buffer overflow in giftopnm
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Red Hat
tk: GIF handling buffer overflow
vendor_redhat·2008-02-01·CVSS 2.6
CVE-2008-0553 [LOW] tk: GIF handling buffer overflow
tk: GIF handling buffer overflow
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
No detection rules found.
Bugzilla
CVE-2008-1373 cups: overflow in gif image filter
bugzilla·2008-03-20·CVSS 2.6
CVE-2008-1373 [LOW] CVE-2008-1373 cups: overflow in gif image filter
CVE-2008-1373 cups: overflow in gif image filter
It was discovered that GIF parsing code used by CUPS printing system is affected
by similar issue as GIF parsers used by gd / netpbm / tk / SDL_image.
Value of code_size read from GIF image is not properly validate before being
used to initialize table array in gif_read_lzw(), causing a static buffer overflow.
Issue is similar to:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0553 (tk), CVE-2008-0554
(netpbm)
Discussion:
Created attachment 298680
Proposed patch
Similar to fixed used in gd / tk / netpbm / SDL_image.
---
Tracked upstream via: http://www.cups.org/str.php?L2765
---
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
---
cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If probl
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow
CVE-2008-0553 tk: GIF handling buffer overflow
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
Discussion:
perl-Tk uses embedded copy of tk source code and is affected by this problem
too. Adding perl-Tk maintainers t
Bugzilla
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0554 [LOW] CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
GIF handling code used in netpbm's giftopnm converter is based on the same code
as used by gd and SDL_image and is affected by the overflow known as
CVE-2006-4484 and CVE-2007-6697.
readImageData function in giftopnm.c does not properly check the value of
lzwMinCodeSize value read from GIF image before passing it to lzwInit, which
uses it as upper bound during the initialization of fixed sized table array,
leading to a buffer overflow.
This issue was fixed in upstream version 10.27. Code checking the value is in
the initial giftopnm.c revision in projects public SVN repository:
http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/converter/other/giftopnm.c?revision=1&view=markup#l_1052
This issue does not affect netpbm pa
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
+++ This bug was initially created as a clone of Bug #431518 +++
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
-- Additional comment from [email protected] on
http://secunia.com/advisories/32058http://securityreason.com/securityalert/4365http://www.attrition.org/pipermail/vim/2008-October/002083.htmlhttp://www.securityfocus.com/archive/1/496763/100/0/threadedhttp://www.securityfocus.com/bid/31430https://exchange.xforce.ibmcloud.com/vulnerabilities/45443https://www.exploit-db.com/exploits/6586http://secunia.com/advisories/32058http://securityreason.com/securityalert/4365http://www.attrition.org/pipermail/vim/2008-October/002083.htmlhttp://www.securityfocus.com/archive/1/496763/100/0/threadedhttp://www.securityfocus.com/bid/31430https://exchange.xforce.ibmcloud.com/vulnerabilities/45443https://www.exploit-db.com/exploits/6586
2008-10-08
Published