This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated gd packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The gd package contains a graphics library used for the dynamic
creation of images such as PNG and JPEG.
Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute
code with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges
of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated
PNG image could cause an infinite loop in an application using the gd
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)
Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues.
See also :
Update the affected gd, gd-devel and / or gd-progs packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false