CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
References
Link Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 Issue Tracking Third Party Advisory
http://fedoranews.org/cms/node/2631 Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html Mailing List Third Party Advisory
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0155.html Third Party Advisory
http://secunia.com/advisories/23916 Not Applicable Vendor Advisory
http://secunia.com/advisories/24022 Not Applicable
http://secunia.com/advisories/24052 Not Applicable
http://secunia.com/advisories/24053 Not Applicable
http://secunia.com/advisories/24107 Not Applicable
http://secunia.com/advisories/24143 Not Applicable
http://secunia.com/advisories/24151 Not Applicable
http://secunia.com/advisories/24924 Not Applicable
http://secunia.com/advisories/24945 Not Applicable
http://secunia.com/advisories/24965 Not Applicable
http://secunia.com/advisories/25575 Not Applicable
http://secunia.com/advisories/29157 Not Applicable
http://secunia.com/advisories/42813 Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0153.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0162.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0146.html Third Party Advisory
http://www.securityfocus.com/archive/1/466166/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/22289 Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0007 Broken Link
http://www.ubuntu.com/usn/usn-473-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/0400 Permissions Required
http://www.vupen.com/english/advisories/2011/0022 Permissions Required
https://issues.rpath.com/browse/RPL-1030 Broken Link
https://issues.rpath.com/browse/RPL-1268 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 Issue Tracking Third Party Advisory
http://fedoranews.org/cms/node/2631 Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html Mailing List Third Party Advisory
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0155.html Third Party Advisory
http://secunia.com/advisories/23916 Not Applicable Vendor Advisory
http://secunia.com/advisories/24022 Not Applicable
http://secunia.com/advisories/24052 Not Applicable
http://secunia.com/advisories/24053 Not Applicable
http://secunia.com/advisories/24107 Not Applicable
http://secunia.com/advisories/24143 Not Applicable
http://secunia.com/advisories/24151 Not Applicable
http://secunia.com/advisories/24924 Not Applicable
http://secunia.com/advisories/24945 Not Applicable
http://secunia.com/advisories/24965 Not Applicable
http://secunia.com/advisories/25575 Not Applicable
http://secunia.com/advisories/29157 Not Applicable
http://secunia.com/advisories/42813 Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0153.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0162.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0146.html Third Party Advisory
http://www.securityfocus.com/archive/1/466166/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/22289 Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0007 Broken Link
http://www.ubuntu.com/usn/usn-473-1 Third Party Advisory
http://www.vupen.com/english/advisories/2007/0400 Permissions Required
http://www.vupen.com/english/advisories/2011/0022 Permissions Required
https://issues.rpath.com/browse/RPL-1030 Broken Link
https://issues.rpath.com/browse/RPL-1268 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gd_graphics_library_project:gd_graphics_library:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:25

Type Values Removed Values Added
References () http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 - Issue Tracking, Third Party Advisory () http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 - Issue Tracking, Third Party Advisory
References () http://fedoranews.org/cms/node/2631 - Broken Link () http://fedoranews.org/cms/node/2631 - Broken Link
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html - Mailing List, Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html - Mailing List, Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html - Mailing List, Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html - Mailing List, Third Party Advisory
References () http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html - Broken Link () http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html - Broken Link
References () http://rhn.redhat.com/errata/RHSA-2007-0155.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2007-0155.html - Third Party Advisory
References () http://secunia.com/advisories/23916 - Not Applicable, Vendor Advisory () http://secunia.com/advisories/23916 - Not Applicable, Vendor Advisory
References () http://secunia.com/advisories/24022 - Not Applicable () http://secunia.com/advisories/24022 - Not Applicable
References () http://secunia.com/advisories/24052 - Not Applicable () http://secunia.com/advisories/24052 - Not Applicable
References () http://secunia.com/advisories/24053 - Not Applicable () http://secunia.com/advisories/24053 - Not Applicable
References () http://secunia.com/advisories/24107 - Not Applicable () http://secunia.com/advisories/24107 - Not Applicable
References () http://secunia.com/advisories/24143 - Not Applicable () http://secunia.com/advisories/24143 - Not Applicable
References () http://secunia.com/advisories/24151 - Not Applicable () http://secunia.com/advisories/24151 - Not Applicable
References () http://secunia.com/advisories/24924 - Not Applicable () http://secunia.com/advisories/24924 - Not Applicable
References () http://secunia.com/advisories/24945 - Not Applicable () http://secunia.com/advisories/24945 - Not Applicable
References () http://secunia.com/advisories/24965 - Not Applicable () http://secunia.com/advisories/24965 - Not Applicable
References () http://secunia.com/advisories/25575 - Not Applicable () http://secunia.com/advisories/25575 - Not Applicable
References () http://secunia.com/advisories/29157 - Not Applicable () http://secunia.com/advisories/29157 - Not Applicable
References () http://secunia.com/advisories/42813 - Not Applicable () http://secunia.com/advisories/42813 - Not Applicable
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 - Broken Link () http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 - Broken Link () http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 - Broken Link () http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 - Broken Link () http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2007-0153.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2007-0153.html - Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2007-0162.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2007-0162.html - Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0146.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0146.html - Third Party Advisory
References () http://www.securityfocus.com/archive/1/466166/100/0/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/466166/100/0/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/22289 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/22289 - Third Party Advisory, VDB Entry
References () http://www.trustix.org/errata/2007/0007 - Broken Link () http://www.trustix.org/errata/2007/0007 - Broken Link
References () http://www.ubuntu.com/usn/usn-473-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-473-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/0400 - Permissions Required () http://www.vupen.com/english/advisories/2007/0400 - Permissions Required
References () http://www.vupen.com/english/advisories/2011/0022 - Permissions Required () http://www.vupen.com/english/advisories/2011/0022 - Permissions Required
References () https://issues.rpath.com/browse/RPL-1030 - Broken Link () https://issues.rpath.com/browse/RPL-1030 - Broken Link
References () https://issues.rpath.com/browse/RPL-1268 - Broken Link () https://issues.rpath.com/browse/RPL-1268 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 - Third Party Advisory

21 Jul 2022, 15:17

Type Values Removed Values Added
CWE CWE-119 CWE-120
References (VUPEN) http://www.vupen.com/english/advisories/2011/0022 - (VUPEN) http://www.vupen.com/english/advisories/2011/0022 - Permissions Required
References (UBUNTU) http://www.ubuntu.com/usn/usn-473-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-473-1 - Third Party Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 - Broken Link
References (CONFIRM) https://issues.rpath.com/browse/RPL-1268 - (CONFIRM) https://issues.rpath.com/browse/RPL-1268 - Broken Link
References (SECUNIA) http://secunia.com/advisories/25575 - (SECUNIA) http://secunia.com/advisories/25575 - Not Applicable
References (CONFIRM) https://issues.rpath.com/browse/RPL-1030 - (CONFIRM) https://issues.rpath.com/browse/RPL-1030 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0162.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0162.html - Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2007/0400 - (VUPEN) http://www.vupen.com/english/advisories/2007/0400 - Permissions Required
References (SECUNIA) http://secunia.com/advisories/42813 - (SECUNIA) http://secunia.com/advisories/42813 - Not Applicable
References (SECUNIA) http://secunia.com/advisories/24053 - (SECUNIA) http://secunia.com/advisories/24053 - Not Applicable
References (BUGTRAQ) http://www.securityfocus.com/archive/1/466166/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/466166/100/0/threaded - Third Party Advisory, VDB Entry
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/24107 - (SECUNIA) http://secunia.com/advisories/24107 - Not Applicable
References (SECUNIA) http://secunia.com/advisories/24052 - (SECUNIA) http://secunia.com/advisories/24052 - Not Applicable
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0146.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0146.html - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/24143 - (SECUNIA) http://secunia.com/advisories/24143 - Not Applicable
References (FEDORA) http://fedoranews.org/cms/node/2631 - (FEDORA) http://fedoranews.org/cms/node/2631 - Broken Link
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/24965 - (SECUNIA) http://secunia.com/advisories/24965 - Not Applicable
References (MLIST) http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html - (MLIST) http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html - Broken Link
References (TRUSTIX) http://www.trustix.org/errata/2007/0007 - (TRUSTIX) http://www.trustix.org/errata/2007/0007 - Broken Link
References (SECUNIA) http://secunia.com/advisories/24022 - (SECUNIA) http://secunia.com/advisories/24022 - Not Applicable
References (SECUNIA) http://secunia.com/advisories/23916 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/23916 - Not Applicable, Vendor Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 - Broken Link
References (SECUNIA) http://secunia.com/advisories/24151 - (SECUNIA) http://secunia.com/advisories/24151 - Not Applicable
References (BID) http://www.securityfocus.com/bid/22289 - (BID) http://www.securityfocus.com/bid/22289 - Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0153.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0153.html - Third Party Advisory
References (CONFIRM) http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 - Vendor Advisory (CONFIRM) http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 - Issue Tracking, Third Party Advisory
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/29157 - (SECUNIA) http://secunia.com/advisories/29157 - Not Applicable
References (SECUNIA) http://secunia.com/advisories/24945 - (SECUNIA) http://secunia.com/advisories/24945 - Not Applicable
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 - Broken Link
References (SECUNIA) http://secunia.com/advisories/24924 - (SECUNIA) http://secunia.com/advisories/24924 - Not Applicable
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2007-0155.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2007-0155.html - Third Party Advisory
CPE cpe:2.3:a:gd_graphics_library:gdlib:2.0.33:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library_project:gd_graphics_library:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*

Information

Published : 2007-01-30 17:28

Updated : 2024-11-21 00:25


NVD link : CVE-2007-0455

Mitre link : CVE-2007-0455

CVE.ORG link : CVE-2007-0455


JSON object : View

Products Affected

canonical

  • ubuntu_linux

redhat

  • enterprise_linux_desktop
  • enterprise_linux_workstation
  • enterprise_linux_server

fedoraproject

  • fedora

php

  • php

gd_graphics_library_project

  • gd_graphics_library
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')