Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2007-0455

Published: 30/01/2007 Updated: 21/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Gd Graphics Library

Vulnerability Summary

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and previous versions allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gd graphics library project gd graphics library

php php

canonical ubuntu linux 7.04

canonical ubuntu linux 6.10

canonical ubuntu linux 6.06

fedoraproject fedora 13

fedoraproject fedora 14

redhat enterprise linux desktop 3.0

redhat enterprise linux desktop 4.0

redhat enterprise linux server 4.0

redhat enterprise linux workstation 4.0

redhat enterprise linux workstation 3.0

redhat enterprise linux server 3.0

Vendor Advisories

Ubuntu Security Notice: libgd2 vulnerabilities
A buffer overflow was discovered in libgd2’s font renderer By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service (CVE-2007-0455) ...
Debian CVElist Bug Report Logs: CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service
Debian Bug report logs - #408982 CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Alex de Oliveira Silva <enerv@hostsk> Date: Mon, 29 Jan 2007 18:03:07 UTC Severity: important Tags: security Found in versions ...
Debian CVElist Bug Report Logs: libgd2: CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files
Debian Bug report logs - #552534 libgd2: CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Raphael Geissert <geissert@debianorg> Date: Tue, 27 Oct 2009 10:12:02 UTC Severity: grave ...
Amazon Linux AMI: ALAS-2015-604
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application (CVE-2015-0 ...
Arch Linux Issues:
Buffer overflow in the gdImageStringFTEx function in gdftc in GD Graphics Library 2033 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font ...

References

CWE-120http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607http://secunia.com/advisories/23916http://lists.rpath.com/pipermail/security-announce/2007-February/000145.htmlhttps://issues.rpath.com/browse/RPL-1030http://fedoranews.org/cms/node/2631http://www.mandriva.com/security/advisories?name=MDKSA-2007:035http://www.mandriva.com/security/advisories?name=MDKSA-2007:036http://www.mandriva.com/security/advisories?name=MDKSA-2007:038http://www.trustix.org/errata/2007/0007http://www.securityfocus.com/bid/22289http://secunia.com/advisories/24022http://secunia.com/advisories/24052http://secunia.com/advisories/24053http://secunia.com/advisories/24107http://secunia.com/advisories/24143http://secunia.com/advisories/24151http://rhn.redhat.com/errata/RHSA-2007-0155.htmlhttp://secunia.com/advisories/24924https://issues.rpath.com/browse/RPL-1268http://www.redhat.com/support/errata/RHSA-2007-0153.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0162.htmlhttp://secunia.com/advisories/24965http://secunia.com/advisories/24945http://www.mandriva.com/security/advisories?name=MDKSA-2007:109http://www.ubuntu.com/usn/usn-473-1http://secunia.com/advisories/25575http://www.redhat.com/support/errata/RHSA-2008-0146.htmlhttp://secunia.com/advisories/29157http://secunia.com/advisories/42813http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.htmlhttp://www.vupen.com/english/advisories/2011/0022http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.htmlhttp://www.vupen.com/english/advisories/2007/0400https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303http://www.securityfocus.com/archive/1/466166/100/0/threadedhttps://usn.ubuntu.com/473-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook