Debian Bug report logs -
#408982
CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service
Reported by: Alex de Oliveira Silva <enerv@host.sk>
Date: Mon, 29 Jan 2007 18:03:07 UTC
Severity: important
Tags: security
Found in versions 2.0.33-5.2, 2.0.33-6
Fixed in versions 2.0.34-1, libgd2/2.0.33-5.2etch4
Done: Giuseppe Iuculano <iuculano@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>
:
Bug#408982
; Package libgd2
.
(full text, mbox, link).
Acknowledgement sent to Alex de Oliveira Silva <enerv@host.sk>
:
New Bug report received and forwarded. Copy sent to Jonas Smedegaard <dr@jones.dk>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libgd2
Version: 2.0.33-6
Severity: important
Tags: security
Maybe the libgd2 is affected with this vulnerability.
The vulnerability is caused due to an error within the
"gdImageStringFTEx()" function in gdft.c, which can be exploited to
increment the terminating NULL of a string, potentially resulting in a
buffer overflow.
Successful exploitation requires that a JIS-encoded font is used.
Solution:
Do not use JIS-encoded fonts with an application using GD Graphics
Library.
Patch:
Exist one patch in Red Hat to solve it.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607
patch attached in email.
Note:
Please mention the CVE id in the changelog.
regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
[libgd2.patch (text/x-c, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>
:
Bug#408982
; Package libgd2
.
(full text, mbox, link).
Acknowledgement sent to sean finney <seanius@debian.org>
:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>
.
(full text, mbox, link).
Message #10 received at 408982@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
hi,
i previously emailed jonas tonight with a patch that can be used to
incorporate fixes for the above bugs in etch. for posterity, here it is. i
hear there are going to be a few more security issues surfacing in the near
future, so i won't be sending this to the security team yet, but if i haven't
heard a request not to do so i will probably do so after the other issues are
dealt with.
sean
[libgd2_2.0.33-5.2etch4.interdiff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Bug marked as found in version 2.0.33-5.2.
Request was from Touko Korpela <tkorpela@phnet.fi>
to control@bugs.debian.org
.
(Sun, 12 Aug 2007 22:39:08 GMT) (full text, mbox, link).
Reply sent
to Giuseppe Iuculano <iuculano@debian.org>
:
You have taken responsibility.
(Sat, 05 Dec 2009 22:18:03 GMT) (full text, mbox, link).
Notification sent
to Alex de Oliveira Silva <enerv@host.sk>
:
Bug acknowledged by developer.
(Sat, 05 Dec 2009 22:18:03 GMT) (full text, mbox, link).
Message #17 received at 408982-close@bugs.debian.org (full text, mbox, reply):
Source: libgd2
Source-Version: 2.0.33-5.2etch4
We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive:
libgd-tools_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd-tools_2.0.33-5.2etch4_i386.deb
libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
libgd2-noxpm_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch4_i386.deb
libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
libgd2-xpm_2.0.33-5.2etch4_i386.deb
to main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch4_i386.deb
libgd2_2.0.33-5.2etch4.diff.gz
to main/libg/libgd2/libgd2_2.0.33-5.2etch4.diff.gz
libgd2_2.0.33-5.2etch4.dsc
to main/libg/libgd2/libgd2_2.0.33-5.2etch4.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 408982@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libgd2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 10 Nov 2009 10:15:53 +0100
Source: libgd2
Binary: libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2-xpm-dev libgd-tools
Architecture: source i386
Version: 2.0.33-5.2etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libgd-tools - GD command line tools and example code
libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
libgd2-xpm - GD Graphics Library version 2
libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Closes: 408982 552534
Changes:
libgd2 (2.0.33-5.2etch4) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
via crafted files (Closes: #552534)
* Fixed CVE-2007-0455: Buffer overflow in the gdImageStringFTEx function in
gdft.c (Closes: #408982)
Files:
c143f788dec8bc93ba7d80532600e09c 988 libs optional libgd2_2.0.33-5.2etch4.dsc
d2f4b2221cb0e05063f85157711638c7 301479 libs optional libgd2_2.0.33-5.2etch4.diff.gz
be7a5db664baec27428b8092acd942a9 143160 graphics optional libgd-tools_2.0.33-5.2etch4_i386.deb
c6374428f8f2fc3c56cca141fda12267 335496 libdevel optional libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
16b228575857c08de542a1679bcde839 333956 libdevel optional libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
faa4e27f258d87a2d6716a1c7522ae96 198922 libs optional libgd2-xpm_2.0.33-5.2etch4_i386.deb
70de99f091a5ca73c3a9e14735a7f715 197048 libs optional libgd2-noxpm_2.0.33-5.2etch4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr5MsYACgkQNxpp46476aqq6wCaAl5wT78dAZwx3hpBD7SrY2pJ
IuoAnA4gD0PWKDsmW3xLehwzm9CMT+Iz
=FrTS
-----END PGP SIGNATURE-----
Bug Marked as fixed in versions 2.0.34-1.
Request was from Julien Cristau <jcristau@debian.org>
to control@bugs.debian.org
.
(Mon, 25 Jul 2011 19:27:03 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 28 Aug 2011 07:39:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:54:08 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.