Debian Bug report logs - #443456
CVE-2007-3996 integer overflows in multiple functions

version graph

Package: libgd2; Maintainer for libgd2 is GD team <pkg-gd-devel@lists.alioth.debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 21 Sep 2007 13:54:04 UTC

Severity: important

Tags: security

Found in version 2.0.33-1.1sarge1

Fixed in version 2.0.35.dfsg-1

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, GD team <pkg-gd-devel@lists.alioth.debian.org>:
Bug#443456; Package libgd2. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to GD team <pkg-gd-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-3996 integer overflows in multiple functions
Date: Fri, 21 Sep 2007 15:51:55 +0200
[Message part 1 (text/plain, inline)]
Package: libgd2
Severity: important
Tags: security

Hi,
a CVE has been issued for libgd:
CVE-2007-3996[0]:
Multiple integer overflows in libgd in PHP before 5.2.4 
allow remote attackers to cause a denial of service 
(application crash) and possibly execute arbitrary code via 
a large (1) srcW or (2) srcH value to the (a) 
gdImageCopyResized function, or a large (3) sy (height) or 
(4) sx (width) value to the (b) gdImageCreate or the (c) 
gdImageCreateTrueColor function.

I can confirm this bug for Debian with looking at the souce 
code.

If you fix this bug please include the CVE id in the 
changelog.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Bug marked as fixed in version 2.0.35.dfsg-1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 29 Sep 2007 12:18:06 GMT) Full text and rfc822 format available.

Bug marked as found in version 2.0.33-1.1sarge1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 29 Sep 2007 12:18:08 GMT) Full text and rfc822 format available.

Marked Bug as done Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Fri, 12 Apr 2013 06:36:04 GMT) Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 12 Apr 2013 06:36:05 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 May 2013 07:27:04 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 21:32:36 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.