CVE-2006-4484

Published: 31/08/2006 Updated: 30/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP prior to 5.1.5 allows remote malicious users to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Vulnerable Products

php php 5.1.4
php php 5.1.0
php php 5.1.1
php php 5.1.2

Vendor Advisories

The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application's privileges (CVE-2006-4020) ...

Debian Bug report logs - #485785 libtk-img: CVE-2008-0553 buffer overflow in ReadImage() leading to arbitrary code execution via crafted GIF. Package: libtk-img; Maintainer for libtk-img is Sergei Golovan <sgolovan@debian.org>; Source for libtk-img is src:libtk-img (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian ...

Debian Bug report logs - #464056 CVE-2006-4484: buffer overflow in giftopnm. Package: netpbm; Maintainer for netpbm is Andreas Barth <aba@not.so.argh.org>; Source for netpbm is src:netpbm-free (PTS, buildd, popcon). Reported by: Stefan Fritsch <sf@sfritsch.de>; Date: Mon, 4 Feb 2008 22:15:01 UTC; Severity: important; Ta ...

References

CWE: NVD-CWE-Other