4.3
CVSSv2

CVE-2007-3472

Published: 28/06/2007 Updated: 16/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) prior to 2.0.35 allows user-assisted remote malicious users to have unspecified attack vectors and impact.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

libgd gd graphics library 2.0.33

libgd gd graphics library 2.0.34

libgd gd graphics library 2.0.35

libgd gd graphics library

Vendor Advisories

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2035 allows user-assisted remote attackers to have unspecified attack vectors and impact ...
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application (CVE-2015-0 ...
Arch Linux Security Advisory ASA-201701-1 ========================================= Severity: Critical Date : 2017-01-01 CVE-ID : CVE-2006-3376 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3477 CVE-2009-1364 CVE-2009-3546 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 CVE-2016-9011 Pac ...

References

CWE-189http://bugs.libgd.org/?do=details&task_id=89http://www.libgd.org/ReleaseNote020035http://secunia.com/advisories/25855http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgzhttps://issues.rpath.com/browse/RPL-1643https://bugzilla.redhat.com/show_bug.cgi?id=277421http://fedoranews.org/updates/FEDORA-2007-205.shtmlhttp://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.htmlhttp://security.gentoo.org/glsa/glsa-200708-05.xmlhttp://security.gentoo.org/glsa/glsa-200711-34.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:153http://www.mandriva.com/security/advisories?name=MDKSA-2007:164http://www.novell.com/linux/security/advisories/2007_15_sr.htmlhttp://www.trustix.org/errata/2007/0024/http://www.securityfocus.com/bid/24651http://secunia.com/advisories/25860http://secunia.com/advisories/26272http://secunia.com/advisories/26390http://secunia.com/advisories/26415http://secunia.com/advisories/26467http://secunia.com/advisories/26663http://secunia.com/advisories/26766http://secunia.com/advisories/26856http://www.redhat.com/support/errata/RHSA-2008-0146.htmlhttp://secunia.com/advisories/29157http://security.gentoo.org/glsa/glsa-200805-13.xmlhttp://secunia.com/advisories/30168http://www.vupen.com/english/advisories/2011/0022http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.htmlhttp://secunia.com/advisories/42813http://www.vupen.com/english/advisories/2007/2336http://osvdb.org/37745https://exchange.xforce.ibmcloud.com/vulnerabilities/35108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067http://www.securityfocus.com/archive/1/478796/100/0/threadedhttps://nvd.nist.govhttps://security.archlinux.org/CVE-2007-3472http://tools.cisco.com/security/center/viewAlert.x?alertId=13608