Mandriva Linux Security Advisory MDKSA-2006-162 - The file_exists and imap_reopen functions in PHP before version 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before version 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
643f06d3c36b031840d60f7ef35b3fcfbf394ef6737c1a469ff32f9c413f159e