[pkg-GD-devel] Bug#443456: CVE-2007-3996 integer overflows in multiple functions
Nico Golde
nion at debian.org
Fri Sep 21 13:51:55 UTC 2007
Package: libgd2
Severity: important
Tags: security
Hi,
a CVE has been issued for libgd:
CVE-2007-3996[0]:
Multiple integer overflows in libgd in PHP before 5.2.4
allow remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via
a large (1) srcW or (2) srcH value to the (a)
gdImageCopyResized function, or a large (3) sy (height) or
(4) sx (width) value to the (b) gdImageCreate or the (c)
gdImageCreateTrueColor function.
I can confirm this bug for Debian with looking at the souce
code.
If you fix this bug please include the CVE id in the
changelog.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-gd-devel/attachments/20070921/ca3c0b05/attachment.pgp
More information about the pkg-GD-devel
mailing list