CVE-2006-4484

gd: GIF handling buffer overflow

Severity Score

2.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Desbordamiento de búfer en la función LWZReadByte_ en ext/gd/libgd/gd_gif_in.c en la extensión GD en PHP anterior a 5.1.5 permite a atacantes remotos tener un impacto desconocido mediante un fichero GIF con input_code_size mayor que MAX_LWZ_BITS, lo cual dispara un desbordamiento al inicializar el array tabla.

*Credits: N/A

CVSS Scores

NISTv2 2.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-08-31 CVE Reserved
2006-08-31 CVE Published
2023-09-19 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (51)

URL	Tag	Source
http://secunia.com/advisories/22039	Third Party Advisory
http://secunia.com/advisories/22069	Third Party Advisory
http://secunia.com/advisories/22225	Third Party Advisory
http://secunia.com/advisories/22440	Third Party Advisory
http://secunia.com/advisories/22487	Third Party Advisory
http://secunia.com/advisories/22538	Third Party Advisory
http://secunia.com/advisories/28768	Third Party Advisory
http://secunia.com/advisories/28838	Third Party Advisory
http://secunia.com/advisories/28845	Third Party Advisory
http://secunia.com/advisories/28866	Third Party Advisory
http://secunia.com/advisories/28959	Third Party Advisory
http://secunia.com/advisories/29157	Third Party Advisory
http://secunia.com/advisories/29242	Third Party Advisory
http://secunia.com/advisories/29546	Third Party Advisory
http://secunia.com/advisories/30717	Third Party Advisory
http://securitytracker.com/id?1016984	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm	X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0046	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046	X_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.1.5	X_refsource_confirm
http://www.securityfocus.com/archive/1/447866/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/487683/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/488008/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/19582	Vdb Entry
http://www.vupen.com/english/advisories/2006/3318	Vdb Entry
https://issues.rpath.com/browse/RPL-2218	X_refsource_confirm
https://issues.rpath.com/browse/RPL-683	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004	Signature

URL	Date	SRC
http://bugs.php.net/bug.php?id=38112	2024-08-07

URL	Date	SRC
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11	2018-10-30
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log	2018-10-30
http://secunia.com/advisories/21546	2018-10-30
http://www.php.net/release_5_1_5.php	2018-10-30

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2006-0688.html	2018-10-30
http://secunia.com/advisories/21768	2018-10-30
http://secunia.com/advisories/21842	2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2006:162	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2008:038	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2008:077	2018-10-30
http://www.novell.com/linux/security/advisories/2006_52_php.html	2018-10-30
http://www.novell.com/linux/security/advisories/2008_13_sr.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2008-0146.html	2018-10-30
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt	2018-10-30
http://www.ubuntu.com/usn/usn-342-1	2018-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=431568	2008-02-28
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html	2018-10-30
https://access.redhat.com/security/cve/CVE-2006-4484	2008-02-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.0 Search vendor "Php" for product "Php" and version "5.1.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.1 Search vendor "Php" for product "Php" and version "5.1.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.2 Search vendor "Php" for product "Php" and version "5.1.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.4 Search vendor "Php" for product "Php" and version "5.1.4"		-		Affected