// For flags

CVE-2006-4484

gd: GIF handling buffer overflow

Severity Score

2.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Desbordamiento de búfer en la función LWZReadByte_ en ext/gd/libgd/gd_gif_in.c en la extensión GD en PHP anterior a 5.1.5 permite a atacantes remotos tener un impacto desconocido mediante un fichero GIF con input_code_size mayor que MAX_LWZ_BITS, lo cual dispara un desbordamiento al inicializar el array tabla.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-08-31 CVE Reserved
  • 2006-08-31 CVE Published
  • 2023-09-19 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (51)
URL Tag Source
http://secunia.com/advisories/22039 Third Party Advisory
http://secunia.com/advisories/22069 Third Party Advisory
http://secunia.com/advisories/22225 Third Party Advisory
http://secunia.com/advisories/22440 Third Party Advisory
http://secunia.com/advisories/22487 Third Party Advisory
http://secunia.com/advisories/22538 Third Party Advisory
http://secunia.com/advisories/28768 Third Party Advisory
http://secunia.com/advisories/28838 Third Party Advisory
http://secunia.com/advisories/28845 Third Party Advisory
http://secunia.com/advisories/28866 Third Party Advisory
http://secunia.com/advisories/28959 Third Party Advisory
http://secunia.com/advisories/29157 Third Party Advisory
http://secunia.com/advisories/29242 Third Party Advisory
http://secunia.com/advisories/29546 Third Party Advisory
http://secunia.com/advisories/30717 Third Party Advisory
http://securitytracker.com/id?1016984 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0046 X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046 X_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.1.5 X_refsource_confirm
http://www.securityfocus.com/archive/1/447866/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/487683/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/488008/100/0/threaded Mailing List
http://www.securityfocus.com/bid/19582 Vdb Entry
http://www.vupen.com/english/advisories/2006/3318 Vdb Entry
https://issues.rpath.com/browse/RPL-2218 X_refsource_confirm
https://issues.rpath.com/browse/RPL-683 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004 Signature
URL Date SRC
http://bugs.php.net/bug.php?id=38112 2024-08-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.1.0
Search vendor "Php" for product "Php" and version "5.1.0"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.1.1
Search vendor "Php" for product "Php" and version "5.1.1"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.1.2
Search vendor "Php" for product "Php" and version "5.1.2"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
5.1.4
Search vendor "Php" for product "Php" and version "5.1.4"
-
Affected