
Debian: DSA-1613-1 Critical: Libgd2 Denial Of Service Attack Advisory

July 22, 2008

Summary


Grayscale PNG files containing invalid tRNS chunk CRC values
could cause a denial of service (crash), if a maliciously
crafted image is loaded into an application using libgd.

CVE-2007-3476

An array indexing error in libgd's GIF handling could induce a
denial of service (crash with heap corruption) if exceptionally
large color index values are supplied in a maliciously crafted
GIF image file.

CVE-2007-3477

The imagearc() and imagefilledarc() routines in libgd allow
an attacker in control of the parameters used to specify
the degrees of arc for those drawing functions to perform
a denial of service attack (excessive CPU consumption).

CVE-2007-3996

Multiple integer overflows exist in libgd's image resizing and
creation routines; these weaknesses allow an attacker in control
of the parameters passed to those routines to induce a crash or
execute arbitrary code with the privileges of the user running
an application o...
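
The first item in the summary concerns grayscale PNG files whose tRNS chunk carries an invalid CRC. As an added example (not part of the advisory and not libgd code), this Python pre-screen verifies every chunk CRC before an image is handed to an image library; the function names and the 1x1 sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data, corrupt_crc=False):
    """Build one PNG chunk (helper for the constructed sample below)."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    if corrupt_crc:
        crc ^= 0xFFFFFFFF  # guaranteed to differ from the correct CRC
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def sample_png(corrupt_trns):
    """Constructed 1x1, 8-bit grayscale (color type 0) PNG with a tRNS chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tRNS", b"\x00\x00", corrupt_crc=corrupt_trns)
            + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b""))

def check_png(buf):
    """Return a list of findings; an empty list means every chunk CRC matched."""
    if not buf.startswith(PNG_SIG):
        return ["not a PNG signature"]
    findings, pos, color_type = [], len(PNG_SIG), None
    while pos < len(buf):
        if pos + 12 > len(buf):  # length + type + CRC need 12 bytes minimum
            findings.append("truncated chunk header at offset %d" % pos)
            break
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(buf):  # declared length runs past end of file
            findings.append("chunk %r overruns file" % ctype)
            break
        data = buf[pos + 8:end]
        (stored,) = struct.unpack(">I", buf[end:end + 4])
        if stored != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            note = " of grayscale image" if ctype == b"tRNS" and color_type == 0 else ""
            findings.append("bad CRC in %s chunk%s" % (ctype.decode("latin-1"), note))
        if ctype == b"IHDR" and length == 13:
            color_type = data[9]  # IHDR byte 9 is the color type
        if ctype == b"IEND":
            break
        pos = end + 4
    return findings
```

A file that returns any finding can be rejected or quarantined before it reaches an application that decodes it.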


Severity
critical
