CVSS: 2.6EPSS: 1%CPEs: 9EXPL: 0CVE-2007-3474
https://notcve.org/view.php?id=CVE-2007-3474
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors. Múltiples vulnerabilidades no especificadas en GD Graphics Library (libgd) anterior a versión 2.0.35, tienen un impacto no especificado y vectores de ataque remoto asistidos por el usuario. • ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz http://fedoranews.org/updates/FEDORA-2007-205.shtml http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://osvdb.org/37743 http://secunia.com/advisories/25855 http://secunia.com/advisories/25860 http://secunia.com/advisories/26272 http://secunia.com/advisories/26390 htt •
CVSS: 4.3EPSS: 11%CPEs: 9EXPL: 0CVE-2007-3472 – libgd Integer overflow in TrueColor code
https://notcve.org/view.php?id=CVE-2007-3472
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. Un desbordamiento enteros en la función gdImageCreateTrueColor en GD Graphics Library (libgd) anterior a versión 2.0.35 permite a los atacantes remotos asistidos por el usuario tener vectores de ataque no especificados y un impacto. • ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz http://bugs.libgd.org/?do=details&task_id=89 http://fedoranews.org/updates/FEDORA-2007-205.shtml http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://osvdb.org/37745 http://secunia.com/advisories/25855 http://secunia.com/advisories/25860 http://secunia.com/a • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 2%CPEs: 9EXPL: 1CVE-2007-3477
https://notcve.org/view.php?id=CVE-2007-3477
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. Las funciones (a) imagearc y (b) imagefilledarc en GD Graphics Library (libgd) anterior a versión 2.0.35, permiten a los atacantes causar una denegación de servicio (consumo de CPU) por medio de un largo valor (1) de inicio o (2) de grado de ángulo final. • ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz http://bugs.libgd.org/?do=details&task_id=74 http://bugs.libgd.org/?do=details&task_id=92 http://fedoranews.org/updates/FEDORA-2007-205.shtml http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://osvdb.org/42062 http://secunia.com/advisories/25860 http:/ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 8%CPEs: 1EXPL: 0CVE-2007-2756 – gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
https://notcve.org/view.php?id=CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. La función gdPngReadData del libgd 2.0.34 permite a atacantes con la intervención del usuario provocar una denegación de servicio (agotamiento de CPU) a través de imágenes PNG modificadas con datos truncados, lo que provoca un bucle infinito en la función png_read_info del libpng. • http://bugs.libgd.org/?do=details&task_id=86 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://osvdb.org/35788 http://osvdb.org/36643 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25353 http://secunia.com/advisories/25362 http://secunia.com/advisories/25378 http://secunia.com/advisories/25535 http://secunia.com/advisories/25575&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •