Lucene search

MitreCVE-2007-3478

HistoryJun 28, 2007 - 6:30 p.m.

CVE-2007-3478

2007-06-2818:30:00

CWE-362

mitre

web.nvd.nist.gov

cve-2007-3478

race condition

gdimagestringftex

libgd

denial of service

crash

nvd

security

vulnerability

exploit

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.154

Percentile

96.0%

JSON

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

Affected configurations

Nvd

Node

gd_graphics_librarygdlibRange≤2.0.34

VendorProductVersionCPE
gd_graphics_librarygdlibcpe:/a:gd_graphics_library:gdlib::::

Vendor	Product	Version	CPE
gd_graphics_library	gdlib		cpe:/a:gd_graphics_library:gdlib::::

References

bugs.libgd.org/?do=details&task_id=48

bugs.php.net/bug.php?id=40578

fedoranews.org/updates/FEDORA-2007-205.shtml

lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html

osvdb.org/37740

secunia.com/advisories/25855

secunia.com/advisories/26272

secunia.com/advisories/26390

secunia.com/advisories/26415

secunia.com/advisories/26467

secunia.com/advisories/26663

secunia.com/advisories/26766

secunia.com/advisories/26856

secunia.com/advisories/30168

secunia.com/advisories/42813

security.gentoo.org/glsa/glsa-200708-05.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

www.libgd.org/ReleaseNote020035

www.mandriva.com/security/advisories?name=MDKSA-2007:153

www.mandriva.com/security/advisories?name=MDKSA-2007:164

www.novell.com/linux/security/advisories/2007_15_sr.html

www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html

www.securityfocus.com/archive/1/478796/100/0/threaded

www.trustix.org/errata/2007/0024/

www.vupen.com/english/advisories/2007/2336

www.vupen.com/english/advisories/2011/0022

bugzilla.redhat.com/show_bug.cgi?id=277421

issues.rpath.com/browse/RPL-1643

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.154

Percentile

96.0%

JSON

Related for CVE-2007-3478