
Debian: DSA-1936-1 Critical: libgd2 Buffer Overflow DoS Threat

debian
November 17, 2009
Security notification for libgd2 addressing several vulnerabilities, with upgrade guidance for Debian users.

Summary

Several vulnerabilities have been discovered in libgd2, a library for
programmatic graphics creation and manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0455

Kees Cook discovered a buffer overflow in libgd2's font renderer. An
attacker could cause denial of service (application crash) and
possibly execute arbitrary code via a crafted string with a JIS
encoded font. This issue only affects the oldstable distribution
(etch).

CVE-2009-3546

Tomas Hoger discovered a boundary error in the "_gdGetColors()"
function. An attacker could trigger a buffer overflow or a buffer
over-read via a crafted GD file.

For the oldstable distribution (etch), these problems have been fixed in
version 2.0.33-5.2etch2.

For the stable distribution (lenny), these problems have been fixed in
version 2.0.36~rc1~dfsg-3+lenny1.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in v...
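As an added example (not part of the Debian advisory or of the libgd2 project), the following Python script checks whether the installed libgd2 binary packages are at or above the fixed versions stated above. It implements the deb-version(5) ordering rules itself (epoch, upstream part, Debian revision; digit runs compared numerically, "~" sorting before anything including end of string, letters before non-letters) so that a version like 2.0.36~rc1~dfsg-3+lenny1 compares the way dpkg --compare-versions would. The binary package names libgd2-xpm and libgd2-noxpm and the dpkg-query invocation are assumptions about an etch/lenny host; the comparison logic runs offline on any system.

```python
"""Check installed libgd2 packages against the fixed versions in DSA-1936-1.

Added example, not part of the Debian advisory. The fixed versions are taken
from the advisory text; the binary package names and the dpkg-query call are
assumptions about a Debian etch/lenny host.
"""
import subprocess
from itertools import zip_longest

# Fixed versions per suite, as stated in DSA-1936-1.
FIXED_VERSIONS = {
    "etch": "2.0.33-5.2etch2",
    "lenny": "2.0.36~rc1~dfsg-3+lenny1",
}

# Assumption: binary packages built from the libgd2 source on etch/lenny.
LIBGD2_BINARIES = ("libgd2-xpm", "libgd2-noxpm")


def _char_order(c):
    """deb-version(5) ordering for non-digit characters.

    End of string is 0, '~' sorts before everything (even end of string),
    letters sort before non-letters.
    """
    if c is None:
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_part(a, b):
    """Compare one version part (upstream or revision) per dpkg rules."""
    while a or b:
        # Non-digit prefixes are compared character by character.
        i = 0
        while i < len(a) and not a[i].isdigit():
            i += 1
        j = 0
        while j < len(b) and not b[j].isdigit():
            j += 1
        for x, y in zip_longest(a[:i], b[:j]):
            ox, oy = _char_order(x), _char_order(y)
            if ox != oy:
                return -1 if ox < oy else 1
        a, b = a[i:], b[j:]
        # Digit prefixes are compared numerically (a missing run counts as 0).
        i = 0
        while i < len(a) and a[i].isdigit():
            i += 1
        j = 0
        while j < len(b) and b[j].isdigit():
            j += 1
        na = int(a[:i]) if i else 0
        nb = int(b[:j]) if j else 0
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[i:], b[j:]
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no revision present: rpartition put everything in 'revision'
        upstream, revision = revision, ""
    return epoch, upstream, revision


def dpkg_version_compare(v1, v2):
    """Return -1, 0 or 1, ordering v1 against v2 as dpkg --compare-versions does."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    c = _cmp_part(u1, u2)
    if c:
        return c
    return _cmp_part(r1, r2)


def is_fixed(installed, suite):
    """True if the installed version is at or above the advisory's fix for suite."""
    return dpkg_version_compare(installed, FIXED_VERSIONS[suite]) >= 0


def installed_version(package):
    """Ask dpkg for the installed version, or None if absent (assumed dpkg-query CLI)."""
    try:
        out = subprocess.run(
            ["dpkg-query", "-W", "--showformat=${Version}", package],
            capture_output=True, text=True, check=True,
        ).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        return None
    return out or None


if __name__ == "__main__":
    import sys
    suite = sys.argv[1] if len(sys.argv) > 1 else "lenny"
    for pkg in LIBGD2_BINARIES:
        ver = installed_version(pkg)
        if ver is None:
            print(f"{pkg}: not installed")
        else:
            state = "fixed" if is_fixed(ver, suite) else "VULNERABLE"
            print(f"{pkg} {ver}: {state} (fix: {FIXED_VERSIONS[suite]})")
```

Run it as `python3 check_libgd2.py etch` or `python3 check_libgd2.py lenny`. The version comparison matters here because the lenny fix carries a "~rc1~dfsg" upstream suffix: a naive string or tuple comparison would rank 2.0.36~rc1~dfsg above 2.0.36, whereas dpkg ranks it below, so a hand-rolled check that ignores the tilde rule can report a vulnerable host as patched.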


Severity: Critical

Package: libgd2
