[php-maint] Bug#439927: Bug#439927: CVE-2007-4033: Buffer overflow in GD extension

sean finney seanius at debian.org
Wed Aug 29 22:20:58 UTC 2007

reassign 439927 libt1

On Tuesday 28 August 2007 04:28:00 pm Thijs Kinkhorst wrote:
> Package: php5
> Tags: security
> Hi,
> A security issue has been reported against the GD extension in PHP:
> > Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3
> > allows context-dependent attackers to execute arbitrary code via a long
> > argument to the imagepsloadfont function.
> I've tried to assess whether Debian is vulnerable to this, but cannot come
> to a definitive "yes" or "no". Could you please investigate?

to answer the question:

yes, this is a vulnerability, albeit a rather low one.  but no, it is not php 
that is vulnerable but libt1, as the vulnerability can be traced back there 
in the core dump, and this seems to be backed up by updates to 
http://www.securityfocus.com/bid/25079 (esp see discussion section).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20070830/4676b151/attachment-0001.pgp 

More information about the pkg-php-maint mailing list