Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23084

HistoryApr 10, 2020 - 12:15 a.m.

Arbitrary Code Execution

2020-04-1000:15:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

0.031 Low

EPSS

Percentile

91.1%

php is vulnerable to arbtirary code execution. A heap based buffer overflow flaw was discovered in PHP’s gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution.

CPENameOperatorVersion
phpeq5.1.6__7.el5
phpeq5.1.4__1.el4s1.4
phpeq5.1.4__1.el4s1.5
phpeq5.1.4__1.el4s1.2
phpeq5.1.6__5.el5
phpeq5.1.6__7.el5
phpeq5.1.4__1.el4s1.4
phpeq5.1.4__1.el4s1.5
phpeq5.1.4__1.el4s1.2
phpeq5.1.6__5.el5

References

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1

cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup

docs.info.apple.com/article.html?artnum=306172

ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

rhn.redhat.com/errata/RHSA-2007-0155.html

secunia.com/advisories/24814

secunia.com/advisories/24909

secunia.com/advisories/24924

secunia.com/advisories/24945

secunia.com/advisories/24965

secunia.com/advisories/25056

secunia.com/advisories/25151

secunia.com/advisories/25445

secunia.com/advisories/26235

security.gentoo.org/glsa/glsa-200705-19.xml

us2.php.net/releases/4_4_7.php

us2.php.net/releases/5_2_2.php

www.mandriva.com/security/advisories?name=MDKSA-2007:087

www.mandriva.com/security/advisories?name=MDKSA-2007:088

www.mandriva.com/security/advisories?name=MDKSA-2007:089

www.mandriva.com/security/advisories?name=MDKSA-2007:090

www.novell.com/linux/security/advisories/2007_32_php.html

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2007-0153.html

www.redhat.com/support/errata/RHSA-2007-0162.html

www.securityfocus.com/archive/1/464957/100/0/threaded

www.securityfocus.com/archive/1/466166/100/0/threaded

www.securityfocus.com/bid/23357

www.securityfocus.com/bid/25159

www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053

www.vupen.com/english/advisories/2007/1269

www.vupen.com/english/advisories/2007/2732

access.redhat.com/errata/RHSA-2007:0162

exchange.xforce.ibmcloud.com/vulnerabilities/33453

issues.rpath.com/browse/RPL-1268

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179

0.031 Low

EPSS

Percentile

91.1%

Related for VERACODE:23084

prion1 cvelist1 debiancve1 openvas20 nessus18 slackware1 ubuntucve1 cve1 securityvulns2 freebsd1 nvd1 redhat3 centos2 fedora3 oraclelinux2 f52 gentoo1 suse1 seebug1