CVE-2006-4484

gd: GIF handling buffer overflow

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Desbordamiento de búfer en la función LWZReadByte_ en ext/gd/libgd/gd_gif_in.c en la extensión GD en PHP anterior a 5.1.5 permite a atacantes remotos tener un impacto desconocido mediante un fichero GIF con input_code_size mayor que MAX_LWZ_BITS, lo cual dispara un desbordamiento al inicializar el array tabla.

The file_exists and imap_reopen functions in PHP before version 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before version 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-08-31 CVE Reserved
2006-08-31 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-07-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (51)

URL	Tag	Source
http://secunia.com/advisories/22039	Third Party Advisory
http://secunia.com/advisories/22069	Third Party Advisory
http://secunia.com/advisories/22225	Third Party Advisory
http://secunia.com/advisories/22440	Third Party Advisory
http://secunia.com/advisories/22487	Third Party Advisory
http://secunia.com/advisories/22538	Third Party Advisory
http://secunia.com/advisories/28768	Third Party Advisory
http://secunia.com/advisories/28838	Third Party Advisory
http://secunia.com/advisories/28845	Third Party Advisory
http://secunia.com/advisories/28866	Third Party Advisory
http://secunia.com/advisories/28959	Third Party Advisory
http://secunia.com/advisories/29157	Third Party Advisory
http://secunia.com/advisories/29242	Third Party Advisory
http://secunia.com/advisories/29546	Third Party Advisory
http://secunia.com/advisories/30717	Third Party Advisory
http://securitytracker.com/id?1016984	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm	X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0046	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046	X_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.1.5	X_refsource_confirm
http://www.securityfocus.com/archive/1/447866/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/487683/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/488008/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/19582	Vdb Entry
http://www.vupen.com/english/advisories/2006/3318	Vdb Entry
https://issues.rpath.com/browse/RPL-2218	X_refsource_confirm
https://issues.rpath.com/browse/RPL-683	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004	Signature

URL	Date	SRC
http://bugs.php.net/bug.php?id=38112	2024-08-07

URL	Date	SRC
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11	2018-10-30
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log	2018-10-30
http://secunia.com/advisories/21546	2018-10-30
http://www.php.net/release_5_1_5.php	2018-10-30

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2006-0688.html	2018-10-30
http://secunia.com/advisories/21768	2018-10-30
http://secunia.com/advisories/21842	2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2006:162	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2008:038	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2008:077	2018-10-30
http://www.novell.com/linux/security/advisories/2006_52_php.html	2018-10-30
http://www.novell.com/linux/security/advisories/2008_13_sr.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2008-0146.html	2018-10-30
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt	2018-10-30
http://www.ubuntu.com/usn/usn-342-1	2018-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=431568	2008-02-28
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html	2018-10-30
https://access.redhat.com/security/cve/CVE-2006-4484	2008-02-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.0 Search vendor "Php" for product "Php" and version "5.1.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.1 Search vendor "Php" for product "Php" and version "5.1.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.2 Search vendor "Php" for product "Php" and version "5.1.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.1.4 Search vendor "Php" for product "Php" and version "5.1.4"		-		Affected