Detections
Analytics
Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64
high Nessus Plugin ID 60367
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library.(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)
An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)
A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)
A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)
A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)
Solution
Update the affected gd, gd-devel and / or gd-progs packages.See Also
Plugin Details
Severity: High
ID: 60367
File Name: sl_20080228_gd_on_SL4_x.nasl
Version: 1.6
Type: local
Agent: unix
Published: 8/1/2012
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 2/28/2008
Reference Information
CVE: CVE-2006-4484, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3475, CVE-2007-3476