Lucene search

[email protected]CVE-2006-4484

HistoryAug 31, 2006 - 9:04 p.m.

CVE-2006-4484

2006-08-3121:04:00

[email protected]

web.nvd.nist.gov

php

gd extension

buffer overflow

cve-2006-4484

security vulnerability

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

Low

0.317 Low

EPSS

Percentile

97.0%

JSON

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Affected configurations

NVD

Node

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.4

CPENameOperatorVersion
php:phpphpeq5.1.0
php:phpphpeq5.1.1
php:phpphpeq5.1.2
php:phpphpeq5.1.4

CPE	Name	Operator	Version
php:php	php	eq	5.1.0
php:php	php	eq	5.1.1
php:php	php	eq	5.1.2
php:php	php	eq	5.1.4

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

bugs.php.net/bug.php?id=38112

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log

lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

rhn.redhat.com/errata/RHSA-2006-0688.html

secunia.com/advisories/21546

secunia.com/advisories/21768

secunia.com/advisories/21842

secunia.com/advisories/22039

secunia.com/advisories/22069

secunia.com/advisories/22225

secunia.com/advisories/22440

secunia.com/advisories/22487

secunia.com/advisories/22538

secunia.com/advisories/28768

secunia.com/advisories/28838

secunia.com/advisories/28845

secunia.com/advisories/28866

secunia.com/advisories/28959

secunia.com/advisories/29157

secunia.com/advisories/29242

secunia.com/advisories/29546

secunia.com/advisories/30717

securitytracker.com/id?1016984

support.avaya.com/elmodocs2/security/ASA-2006-222.htm

support.avaya.com/elmodocs2/security/ASA-2006-223.htm

wiki.rpath.com/Advisories:rPSA-2008-0046

wiki.rpath.com/wiki/Advisories:rPSA-2008-0046

www.mandriva.com/security/advisories?name=MDKSA-2006:162

www.mandriva.com/security/advisories?name=MDVSA-2008:038

www.mandriva.com/security/advisories?name=MDVSA-2008:077

www.novell.com/linux/security/advisories/2006_52_php.html

www.novell.com/linux/security/advisories/2008_13_sr.html

www.php.net/ChangeLog-5.php#5.1.5

www.php.net/release_5_1_5.php

www.redhat.com/support/errata/RHSA-2008-0146.html

www.securityfocus.com/archive/1/447866/100/0/threaded

www.securityfocus.com/archive/1/487683/100/0/threaded

www.securityfocus.com/archive/1/488008/100/0/threaded

www.securityfocus.com/bid/19582

www.turbolinux.com/security/2006/TLSA-2006-38.txt

www.ubuntu.com/usn/usn-342-1

www.vupen.com/english/advisories/2006/3318

bugzilla.redhat.com/show_bug.cgi?id=431568

issues.rpath.com/browse/RPL-2218

issues.rpath.com/browse/RPL-683

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004

www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

Low

0.317 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2006-4484

nessus23 openvas27 cvelist5 fedora3 ubuntucve5 debiancve5 nvd5 cve4 prion4 securityvulns1 gentoo1 ubuntu1 redhat3 centos2 oraclelinux3 freebsd1 suse1