CVE-2007-0455

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607

http://fedoranews.org/cms/node/2631

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html

http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html

http://rhn.redhat.com/errata/RHSA-2007-0155.html

http://secunia.com/advisories/23916

http://secunia.com/advisories/24022

http://secunia.com/advisories/24052

http://secunia.com/advisories/24053

http://secunia.com/advisories/24107

http://secunia.com/advisories/24143

http://secunia.com/advisories/24151

http://secunia.com/advisories/24924

http://secunia.com/advisories/24945

http://secunia.com/advisories/24965

http://secunia.com/advisories/25575

http://secunia.com/advisories/29157

http://secunia.com/advisories/42813

http://www.mandriva.com/security/advisories?name=MDKSA-2007:035

http://www.mandriva.com/security/advisories?name=MDKSA-2007:036

http://www.mandriva.com/security/advisories?name=MDKSA-2007:038

http://www.mandriva.com/security/advisories?name=MDKSA-2007:109

http://www.redhat.com/support/errata/RHSA-2007-0153.html

http://www.redhat.com/support/errata/RHSA-2007-0162.html

http://www.redhat.com/support/errata/RHSA-2008-0146.html

http://www.securityfocus.com/archive/1/466166/100/0/threaded

http://www.securityfocus.com/bid/22289

http://www.trustix.org/errata/2007/0007

http://www.ubuntu.com/usn/usn-473-1

http://www.vupen.com/english/advisories/2007/0400

http://www.vupen.com/english/advisories/2011/0022

https://issues.rpath.com/browse/RPL-1030

https://issues.rpath.com/browse/RPL-1268

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303

Details

Source: MITRE

Published: 2007-01-30

Updated: 2018-10-16

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
109432Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01)NessusSlackware Local Security Checks
high
86635Amazon Linux AMI : libwmf (ALAS-2015-604)NessusAmazon Linux Local Security Checks
high
84782FreeBSD : libwmf -- multiple vulnerabilities (ca139c7f-2a8c-11e5-a4a5-002590263bf5)NessusFreeBSD Local Security Checks
critical
78215F5 Networks BIG-IP : Multiple PHP vulnerabilities (SOL7859)NessusF5 Networks Local Security Checks
high
67657Oracle Linux 4 / 5 : gd (ELSA-2008-0146)NessusOracle Linux Local Security Checks
high
67471Oracle Linux 3 / 4 : php (ELSA-2007-0155)NessusOracle Linux Local Security Checks
high
60367Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
51415Fedora 14 : libwmf-0.2.8.4-27.fc14 (2010-19033)NessusFedora Local Security Checks
high
51414Fedora 13 : libwmf-0.2.8.4-22.fc13 (2010-19022)NessusFedora Local Security Checks
high
44801Debian DSA-1936-1 : libgd2 - several vulnerabilitiesNessusDebian Local Security Checks
high
31310CentOS 4 / 5 : gd (CESA-2008:0146)NessusCentOS Local Security Checks
high
31306RHEL 4 / 5 : gd (RHSA-2008:0146)NessusRed Hat Local Security Checks
high
28074Ubuntu 6.06 LTS / 6.10 / 7.04 : libgd2 vulnerabilities (USN-473-1)NessusUbuntu Local Security Checks
high
25325RHEL 5 : php (RHSA-2007:0153)NessusRed Hat Local Security Checks
high
25311Mandrake Linux Security Advisory : tetex (MDKSA-2007:109)NessusMandriva Local Security Checks
high
3982PHP 4.x < 4.4.7 / 5.x < 5.2.2 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
25159PHP < 4.4.7 / 5.2.2 Multiple VulnerabilitiesNessusCGI abuses
high
25095CentOS 5 : php (CESA-2007:0153)NessusCentOS Local Security Checks
high
25068RHEL 3 / 4 : php (RHSA-2007:0155)NessusRed Hat Local Security Checks
high
25043CentOS 3 / 4 : php (CESA-2007:0155)NessusCentOS Local Security Checks
high
24651Mandrake Linux Security Advisory : php (MDKSA-2007:038)NessusMandriva Local Security Checks
high
24649Mandrake Linux Security Advisory : libwmf (MDKSA-2007:036)NessusMandriva Local Security Checks
high
24648Mandrake Linux Security Advisory : gd (MDKSA-2007:035)NessusMandriva Local Security Checks
high
24325Fedora Core 5 : gd-2.0.33-7.fc5 (2007-150)NessusFedora Local Security Checks
high
801085PHP < 4.4.7 / 5.2.2 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
high