[php-maint] Bug#439927: Bug#439927: CVE-2007-4033: Buffer overflow in GD extension
seanius at debian.org
Wed Aug 29 22:20:58 UTC 2007
reassign 439927 libt1
On Tuesday 28 August 2007 04:28:00 pm Thijs Kinkhorst wrote:
> Package: php5
> Tags: security
> A security issue has been reported against the GD extension in PHP:
> > Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3
> > allows context-dependent attackers to execute arbitrary code via a long
> > argument to the imagepsloadfont function.
> I've tried to assess whether Debian is vulnerable to this, but cannot come
> to a definitive "yes" or "no". Could you please investigate?
To answer the question:
Yes, this is a vulnerability, albeit a rather low one. But no, it is not PHP
that is vulnerable but libt1, as the vulnerability can be traced back there
in the core dump, and this seems to be backed up by updates to
http://www.securityfocus.com/bid/25079 (esp. see discussion section).