what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2007-3996

Status Candidate

Overview

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Related Files

Mandriva Linux Security Advisory 2009-264
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-264 - Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. The updated packages have been patched to prevent this.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2007-3996
SHA-256 | 0c3e84909471c50a9b07d973c3ae6e1b17aca9fdb881fc457449deeb49d0b232
Ubuntu Security Notice 720-1
Posted Feb 12, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-720-1 - A significant amount of vulnerabilities in PHP 5 have been addressed. These range from security bypass to denial of service issues.

tags | advisory, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-3996, CVE-2007-5900, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658
SHA-256 | a31f39cf30e5eb073f9dc121d4e40f5b0fdbb62143587c9dc60669c009e7c708
Debian Linux Security Advisory 1613-1
Posted Jul 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues:

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-3476, CVE-2007-3477, CVE-2007-3996, CVE-2007-2445
SHA-256 | 1ec400aa47c3df11688f737aeb1905ab1846b62ee1039d4e1efa0f452cf223c9
Ubuntu Security Notice 557-1
Posted Dec 20, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 557-1 - Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-3996
SHA-256 | ed13d4e056ae666b4f0da0b2ba5ce53640bb831f56b258edea93cdd51e515516
Gentoo Linux Security Advisory 200710-2
Posted Oct 9, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-02 - Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows. Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow. Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow. A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly. Versions less than 5.2.4_p20070914-r2 are affected.

tags | advisory, overflow, php, vulnerability
systems | linux, gentoo
advisories | CVE-2007-1883, CVE-2007-1887, CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007, CVE-2007-3378, CVE-2007-3806, CVE-2007-3996, CVE-2007-3997, CVE-2007-3998, CVE-2007-4652, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662
SHA-256 | 0954c820cef174c83409c66ee739a3d9955c800b776a51d4b17c9452a9f19875
Mandriva Linux Security Advisory 2007.187
Posted Sep 25, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670
SHA-256 | 01d42bfc7015b848897634663e966d52f46f75ad839abd6b538db6357c46f4f2
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close