Mandriva Linux Security Advisory : gd (MDVSA-2008:038)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD
prior to 2.0.34 allows remote attackers to have an unknown impact via
a GIF file with input_code_size greater than MAX_LWZ_BITS, which
triggers an overflow when initializing the table array.

This was originally fixed in PHP's embedded GD with MDKSA-2006:162;
patches had not been applied to the system libgd at that time.

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37016 (mandriva_MDVSA-2008-038.nasl)

Bugtraq ID: 19582

CVE ID: CVE-2006-4484

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now