CVE-2007-3996

medium

Description

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

References

http://bugs.gentoo.org/show_bug.cgi?id=201546

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

http://rhn.redhat.com/errata/RHSA-2007-0889.html

http://secunia.com/advisories/26642

http://secunia.com/advisories/26822

http://secunia.com/advisories/26838

http://secunia.com/advisories/26871

http://secunia.com/advisories/26895

http://secunia.com/advisories/26930

http://secunia.com/advisories/26967

http://secunia.com/advisories/27102

http://secunia.com/advisories/27351

http://secunia.com/advisories/27377

http://secunia.com/advisories/27545

http://secunia.com/advisories/28009

http://secunia.com/advisories/28147

http://secunia.com/advisories/28658

http://secunia.com/advisories/31168

http://security.gentoo.org/glsa/glsa-200712-13.xml

http://securityreason.com/securityalert/3103

http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/

http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/

http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm

http://www.debian.org/security/2008/dsa-1613

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:187

http://www.php.net/ChangeLog-5.php#5.2.4

http://www.php.net/releases/5_2_4.php

http://www.redhat.com/support/errata/RHSA-2007-0888.html

http://www.redhat.com/support/errata/RHSA-2007-0890.html

http://www.redhat.com/support/errata/RHSA-2007-0891.html

http://www.trustix.org/errata/2007/0026/

http://www.ubuntu.com/usn/usn-557-1

http://www.vupen.com/english/advisories/2007/3023

https://exchange.xforce.ibmcloud.com/vulnerabilities/36382

https://exchange.xforce.ibmcloud.com/vulnerabilities/36383

https://issues.rpath.com/browse/RPL-1693

https://issues.rpath.com/browse/RPL-1702

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

Details

Source: MITRE

Published: 2007-09-04

Updated: 2017-09-29

Type: CWE-189

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.2.3 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67570 | Oracle Linux 4 / 5 : php (ELSA-2007-0890) | Nessus | Oracle Linux Local Security Checks | high |
| 67569 | Oracle Linux 3 : php (ELSA-2007-0889) | Nessus | Oracle Linux Local Security Checks | high |
| 60257 | Scientific Linux Security Update : php on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60255 | Scientific Linux Security Update : php on SL5.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 41187 | SuSE9 Security Update : PHP4 (YOU Patch Number 12049) | Nessus | SuSE Local Security Checks | high |
| 36665 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-720-1) | Nessus | Ubuntu Local Security Checks | critical |
| 33552 | Debian DSA-1613-1 : libgd2 - multiple vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 30092 | openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4909) | Nessus | SuSE Local Security Checks | high |
| 29878 | openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810) | Nessus | SuSE Local Security Checks | high |
| 29780 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808) | Nessus | SuSE Local Security Checks | high |
| 29739 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libgd2 vulnerability (USN-557-1) | Nessus | Ubuntu Local Security Checks | medium |
| 28181 | PHP < 5.2.5 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
| 27564 | RHEL 2.1 : php (RHSA-2007:0888) | Nessus | Red Hat Local Security Checks | medium |
| 26942 | GLSA-200710-02 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 26204 | CentOS 3 : php (CESA-2007:0889) | Nessus | CentOS Local Security Checks | high |
| 26191 | RHEL 3 : php (RHSA-2007:0889) | Nessus | Red Hat Local Security Checks | high |
| 26115 | Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709) | Nessus | Fedora Local Security Checks | high |
| 26110 | RHEL 4 / 5 : php (RHSA-2007:0890) | Nessus | Red Hat Local Security Checks | high |
| 26107 | Mandrake Linux Security Advisory : php (MDKSA-2007:187) | Nessus | Mandriva Local Security Checks | critical |
| 26075 | CentOS 4 / 5 : php (CESA-2007:0890) | Nessus | CentOS Local Security Checks | high |
| 26038 | FreeBSD : php -- multiple vulnerabilities (71d903fc-602d-11dc-898c-001921ab2fa4) | Nessus | FreeBSD Local Security Checks | high |