// For flags

CVE-2007-2756

gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

La función gdPngReadData del libgd 2.0.34 permite a atacantes con la intervención del usuario provocar una denegación de servicio (agotamiento de CPU) a través de imágenes PNG modificadas con datos truncados, lo que provoca un bucle infinito en la función png_read_info del libpng.

New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-05-18 CVE Reserved
  • 2007-05-18 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (64)
URL Tag Source
http://osvdb.org/35788 Vdb Entry
http://osvdb.org/36643 Vdb Entry
http://secunia.com/advisories/25353 Third Party Advisory
http://secunia.com/advisories/25362 Third Party Advisory
http://secunia.com/advisories/25378 Third Party Advisory
http://secunia.com/advisories/25535 Third Party Advisory
http://secunia.com/advisories/25575 Third Party Advisory
http://secunia.com/advisories/25590 Third Party Advisory
http://secunia.com/advisories/25646 Third Party Advisory
http://secunia.com/advisories/25657 Third Party Advisory
http://secunia.com/advisories/25658 Third Party Advisory
http://secunia.com/advisories/25787 Third Party Advisory
http://secunia.com/advisories/25855 Third Party Advisory
http://secunia.com/advisories/26048 Third Party Advisory
http://secunia.com/advisories/26231 Third Party Advisory
http://secunia.com/advisories/26390 Third Party Advisory
http://secunia.com/advisories/26871 Third Party Advisory
http://secunia.com/advisories/26895 Third Party Advisory
http://secunia.com/advisories/26930 Third Party Advisory
http://secunia.com/advisories/26967 Third Party Advisory
http://secunia.com/advisories/27037 Third Party Advisory
http://secunia.com/advisories/27102 Third Party Advisory
http://secunia.com/advisories/27110 Third Party Advisory
http://secunia.com/advisories/27545 Third Party Advisory
http://secunia.com/advisories/29157 Third Party Advisory
http://secunia.com/advisories/30168 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm X_refsource_confirm
http://www.libgd.org/ReleaseNote020035 X_refsource_confirm
http://www.php.net/releases/5_2_3.php X_refsource_confirm
http://www.securityfocus.com/bid/24089 Vdb Entry
http://www.securitytracker.com/id?1018187 Vdb Entry
http://www.vupen.com/english/advisories/2007/1904 Vdb Entry
http://www.vupen.com/english/advisories/2007/1905 Vdb Entry
http://www.vupen.com/english/advisories/2007/2016 Vdb Entry
http://www.vupen.com/english/advisories/2007/2336 Vdb Entry
http://www.vupen.com/english/advisories/2007/3386 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34420 Vdb Entry
https://issues.rpath.com/browse/RPL-1394 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10779 Signature
URL Date SRC
URL Date SRC
http://bugs.libgd.org/?do=details&task_id=86 2017-10-11
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 2017-10-11
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html 2017-10-11
http://rhn.redhat.com/errata/RHSA-2007-0889.html 2017-10-11
http://security.gentoo.org/glsa/glsa-200708-05.xml 2017-10-11
http://security.gentoo.org/glsa/glsa-200711-34.xml 2017-10-11
http://security.gentoo.org/glsa/glsa-200805-13.xml 2017-10-11
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:122 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:123 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:124 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 2017-10-11
http://www.novell.com/linux/security/advisories/2007_13_sr.html 2017-10-11
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.020.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0890.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0891.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2008-0146.html 2017-10-11
http://www.trustix.org/errata/2007/0019 2017-10-11
http://www.trustix.org/errata/2007/0023 2017-10-11
http://www.ubuntu.com/usn/usn-473-1 2017-10-11
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html 2017-10-11
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html 2017-10-11
https://access.redhat.com/security/cve/CVE-2007-2756 2008-02-28
https://bugzilla.redhat.com/show_bug.cgi?id=242033 2008-02-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libgd
Search vendor "Libgd"
 Libgd
Search vendor "Libgd" for product "Libgd"
 2.0.34
Search vendor "Libgd" for product "Libgd" and version "2.0.34"
-
Affected