CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service

Debian Bug report logs - #408982
CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Alex de Oliveira Silva <enerv@host.sk>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service

Date: Mon, 29 Jan 2007 14:52:45 -0300

[Message part 1 (text/plain, inline)]

Package: libgd2
Version: 2.0.33-6
Severity: important
Tags: security

Maybe the libgd2 is affected with this vulnerability.

The vulnerability is caused due to an error within the
"gdImageStringFTEx()" function in gdft.c, which can be exploited to
increment the terminating NULL of a string, potentially resulting in a
buffer overflow.

Successful exploitation requires that a JIS-encoded font is used.

Solution:
Do not use JIS-encoded fonts with an application using GD Graphics
Library.

Patch:
Exist one patch in Red Hat to solve it.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607
patch attached in email.


Note:
Please mention the CVE id in the changelog.



regards,
-- 
   .''`.  
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `- 

[libgd2.patch (text/x-c, attachment)]

Message #10 received at 408982@bugs.debian.org (full text, mbox, reply):

From: sean finney <seanius@debian.org>

To: 425978@bugs.debian.org, 408982@bugs.debian.org, 426100@bugs.debian.org, 425754@bugs.debian.org, 425584@bugs.debian.org

Subject: patch for security issues

Date: Tue, 29 May 2007 23:08:53 +0200

[Message part 1 (text/plain, inline)]

hi,

i previously emailed jonas tonight with a patch that can be used to 
incorporate fixes for the above bugs in etch.  for posterity, here it is.  i 
hear there are going to be a few more security issues surfacing in the near 
future, so i won't be sending this to the security team yet, but if i haven't 
heard a request not to do so i will probably do so after the other issues are 
dealt with.


	sean

[libgd2_2.0.33-5.2etch4.interdiff (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #17 received at 408982-close@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <iuculano@debian.org>

To: 408982-close@bugs.debian.org

Subject: Bug#408982: fixed in libgd2 2.0.33-5.2etch4

Date: Sat, 05 Dec 2009 22:15:03 +0000

Source: libgd2
Source-Version: 2.0.33-5.2etch4

We believe that the bug you reported is fixed in the latest version of
libgd2, which is due to be installed in the Debian FTP archive:

libgd-tools_2.0.33-5.2etch4_i386.deb
  to main/libg/libgd2/libgd-tools_2.0.33-5.2etch4_i386.deb
libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
  to main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
libgd2-noxpm_2.0.33-5.2etch4_i386.deb
  to main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch4_i386.deb
libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
  to main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
libgd2-xpm_2.0.33-5.2etch4_i386.deb
  to main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch4_i386.deb
libgd2_2.0.33-5.2etch4.diff.gz
  to main/libg/libgd2/libgd2_2.0.33-5.2etch4.diff.gz
libgd2_2.0.33-5.2etch4.dsc
  to main/libg/libgd2/libgd2_2.0.33-5.2etch4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 408982@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libgd2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 10 Nov 2009 10:15:53 +0100
Source: libgd2
Binary: libgd2-noxpm-dev libgd2-noxpm libgd2-xpm libgd2-xpm-dev libgd-tools
Architecture: source i386
Version: 2.0.33-5.2etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 libgd-tools - GD command line tools and example code
 libgd2-noxpm - GD Graphics Library version 2 (without XPM support)
 libgd2-noxpm-dev - GD Graphics Library version 2 (development version)
 libgd2-xpm - GD Graphics Library version 2
 libgd2-xpm-dev - GD Graphics Library version 2 (development version)
Closes: 408982 552534
Changes: 
 libgd2 (2.0.33-5.2etch4) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
     via crafted files (Closes: #552534)
   * Fixed CVE-2007-0455: Buffer overflow in the gdImageStringFTEx function in
     gdft.c (Closes: #408982)
Files: 
 c143f788dec8bc93ba7d80532600e09c 988 libs optional libgd2_2.0.33-5.2etch4.dsc
 d2f4b2221cb0e05063f85157711638c7 301479 libs optional libgd2_2.0.33-5.2etch4.diff.gz
 be7a5db664baec27428b8092acd942a9 143160 graphics optional libgd-tools_2.0.33-5.2etch4_i386.deb
 c6374428f8f2fc3c56cca141fda12267 335496 libdevel optional libgd2-xpm-dev_2.0.33-5.2etch4_i386.deb
 16b228575857c08de542a1679bcde839 333956 libdevel optional libgd2-noxpm-dev_2.0.33-5.2etch4_i386.deb
 faa4e27f258d87a2d6716a1c7522ae96 198922 libs optional libgd2-xpm_2.0.33-5.2etch4_i386.deb
 70de99f091a5ca73c3a9e14735a7f715 197048 libs optional libgd2-noxpm_2.0.33-5.2etch4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkr5MsYACgkQNxpp46476aqq6wCaAl5wT78dAZwx3hpBD7SrY2pJ
IuoAnA4gD0PWKDsmW3xLehwzm9CMT+Iz
=FrTS
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.