PRIOn knowledge basePRION:CVE-2007-1001Integer overflow
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
References
cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1
cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup
docs.info.apple.com/article.html?artnum=306172
lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
rhn.redhat.com/errata/RHSA-2007-0155.html
secunia.com/advisories/24814
secunia.com/advisories/24909
secunia.com/advisories/24924
secunia.com/advisories/24945
secunia.com/advisories/24965
secunia.com/advisories/25056
secunia.com/advisories/25151
secunia.com/advisories/25445
secunia.com/advisories/26235
security.gentoo.org/glsa/glsa-200705-19.xml
us2.php.net/releases/4_4_7.php
us2.php.net/releases/5_2_2.php
www.mandriva.com/security/advisories?name=MDKSA-2007:087
www.mandriva.com/security/advisories?name=MDKSA-2007:088
www.mandriva.com/security/advisories?name=MDKSA-2007:089
www.mandriva.com/security/advisories?name=MDKSA-2007:090
www.novell.com/linux/security/advisories/2007_32_php.html
www.redhat.com/support/errata/RHSA-2007-0153.html
www.redhat.com/support/errata/RHSA-2007-0162.html
www.securityfocus.com/archive/1/464957/100/0/threaded
www.securityfocus.com/archive/1/466166/100/0/threaded
www.securityfocus.com/bid/23357
www.securityfocus.com/bid/25159
www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053
www.vupen.com/english/advisories/2007/1269
www.vupen.com/english/advisories/2007/2732
exchange.xforce.ibmcloud.com/vulnerabilities/33453
ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html
issues.rpath.com/browse/RPL-1268
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179
Related
