OpenPKG Security Advisory
OpenPKG-SA-2007.016
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.016 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.016 Advisory Published: 2008-08-07 22:03 UTC Issue Id (internal): OpenPKG-SI-20070518.02 Issue First Created: 2007-05-18 Issue Last Modified: 2007-05-18 Issue Revision: 03
Subject Name: libgd Subject Summary: Fast Graphics Generation Library Subject Home: http://www.libgd.org/ Subject Versions: * <= 2.0.33 Vulnerability Id: CVE-2007-0455 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service Description: Multiple security issues exist in the fast graphics generation library libgd (aka GD) [0], versions up to and including 2.0.33. The issues include 32-bit multiplication overflow vulnerabilities, memory allocation errors that were not checked, DoS via corrupt GIF images and malformed or empty PNG images, "gdImageFillToBorder" crashed when the color was not opaque, crashes on antialiased lines drawn on an images edge, and "gdImageFill" crashed when used with patterns or invalid arguments [1][2]. References: [0] http://www.libgd.org/ [1] http://www.libgd.org/ReleaseNote020034 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
Primary Package Name: gd Primary Package Home: http://openpkg.org/go/package/gd Affected Distribution: Affected Branch: Affected Package: OpenPKG Enterprise E1.0-SOLID gd-2.0.33-E1.0.0 OpenPKG Community CURRENT gd-2.0.33-20061013 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID gd-2.0.33-E1.0.1 OpenPKG Community CURRENT gd-2.0.34-20070207
