Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

CVE-2007-3996 integer overflows in multiple functions

Related Vulnerabilities: CVE-2007-3996  

Source

Debian Bug report logs - #443456
CVE-2007-3996 integer overflows in multiple functions

version graph

Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@tracker.debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 21 Sep 2007 13:54:04 UTC

Severity: important

Tags: security

Found in version 2.0.33-1.1sarge1

Fixed in version 2.0.35.dfsg-1

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#443456; Package libgd2. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to GD team <pkg-gd-devel@lists.alioth.debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-3996 integer overflows in multiple functions
Date: Fri, 21 Sep 2007 15:51:55 +0200
[Message part 1 (text/plain, inline)]
Package: libgd2
Severity: important
Tags: security

Hi,
a CVE has been issued for libgd:
CVE-2007-3996[0]:
Multiple integer overflows in libgd in PHP before 5.2.4 
allow remote attackers to cause a denial of service 
(application crash) and possibly execute arbitrary code via 
a large (1) srcW or (2) srcH value to the (a) 
gdImageCopyResized function, or a large (3) sy (height) or 
(4) sx (width) value to the (b) gdImageCreate or the (c) 
gdImageCreateTrueColor function.

I can confirm this bug for Debian with looking at the souce 
code.

If you fix this bug please include the CVE id in the 
changelog.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Bug marked as fixed in version 2.0.35.dfsg-1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 29 Sep 2007 12:18:06 GMT) (full text, mbox, link).

Bug marked as found in version 2.0.33-1.1sarge1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 29 Sep 2007 12:18:08 GMT) (full text, mbox, link).

Marked Bug as done Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Fri, 12 Apr 2013 06:36:04 GMT) (full text, mbox, link).

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 12 Apr 2013 06:36:05 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 May 2013 07:27:04 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:37:55 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook
Vulmon Logo
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started