the original cloud security
Showing 1 - 8 of 8 RSS Feed

CVE-2007-2756

Status Candidate

Overview

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

Related Files

HP Security Bulletin 2007-14.47
Posted Oct 10, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.

tags | advisory, arbitrary, vulnerability, xss
systems | hpux
advisories | CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
MD5 | 8639b3ba8e68a74767d3c010df39b14a
Gentoo Linux Security Advisory 200710-2
Posted Oct 9, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-02 - Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows. Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow. Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow. A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly. Versions less than 5.2.4_p20070914-r2 are affected.

tags | advisory, overflow, php, vulnerability
systems | linux, gentoo
advisories | CVE-2007-1883, CVE-2007-1887, CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007, CVE-2007-3378, CVE-2007-3806, CVE-2007-3996, CVE-2007-3997, CVE-2007-3998, CVE-2007-4652, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662
MD5 | 8c8d5b159992cb0df17a3a4a8b8f0e4d
Mandriva Linux Security Advisory 2007.187
Posted Sep 25, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670
MD5 | b96e8da2cd6e8f174d150d88670ccbcd
Gentoo Linux Security Advisory 200708-5
Posted Aug 10, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200708-05 - Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file. An integer overflow has been discovered in the gdImageCreateTrueColor() function. An error has been discovered in the function gdImageCreateXbm() function. Unspecified vulnerabilities have been discovered in the GIF reader. An error has been discovered when processing a GIF image that has no global color map. An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index. An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values. A race condition has been discovered in the gdImageStringFTEx() function. Versions less than 2.0.35 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478
MD5 | ef5b7a4d0bdacff83b141f10984ea08e
Mandriva Linux Security Advisory 2007.124
Posted Jun 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2007-2756
MD5 | a087c34ebaa86347b374a97442437c85
Mandriva Linux Security Advisory 2007.123
Posted Jun 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedded copy of the gd source and may also be affected by this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2007-2756
MD5 | 64610f58ede948763eb5c90cb91a1571
Mandriva Linux Security Advisory 2007.122
Posted Jun 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2007-2756
MD5 | e89299e4416279f2b4893e51810b958f
Ubuntu Security Notice 473-1
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 473-1 - A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. Xavier Roche discovered that libgd2 did not correctly validate PNG callback results. If an application were tricked into processing a specially crafted PNG image, it would monopolize CPU resources. Since libgd2 is often used in PHP and Perl web applications, this could lead to a remote denial of service.

tags | advisory, remote, web, denial of service, overflow, perl, php
systems | linux, ubuntu
advisories | CVE-2007-0455, CVE-2007-2756
MD5 | 8c53c90a1f9981b62999f9c72d19ae6e
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close