GD library
In addition, tetex contains an embedded copy of the GD library which
suffers from a number of bugs which potentially lead to denial of
service and possibly other issues.
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
GD versions prior to 2.0.35 have a number of bugs which potentially
lead to denial of service and possibly other issues.
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Use-after-free vulnerability in the embedded GD library in libwmf
0.2.8.4 allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
WMF file (CVE-2009-1364).
The updated packages have been patched to prevent this.
Problem Description:
A vulnerability has been found and corrected in gd:
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
GD Graphics Library 2.x, does not properly verify a certain colorsTotal
structure member, which might allow remote attackers to conduct
buffer overflow or buffer over-read attacks via a crafted GD file,
a different vulnerability than CVE-2009-3293. NOTE: some of these
details are obtained from third party information (CVE-2009-3546).
necessary changes.
Details follow:
Tavis Ormandy discovered that libwmf incorrectly used memory after it had
been freed when using its embedded GD library. If a user or automated
system were tricked into opening a crafted WMF file, an attacker could
cause a denial of service or execute arbitrary code with privileges of the
user invoking the program.
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Debian-specific: no
Debian bug : 526434
CVE ID : CVE-2009-1364
Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse Windows metafiles (WMF), makes use of a pointer
after it was already freed. An attacker using a crafted WMF file can
cause a denial of service or possibly execute arbitrary code via
applications using this library.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The GD library is prone to a buffer overflow vulnerability.
Background
==========
GD is a graphic library for fast image creation.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2799 to this issue.
gd < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Some vulnerabilities have been reported in the GD
Graphics Library, where some have unknown impact and others can
potentially be exploited to cause a DoS (SA25855).
Includes fixes for CVE-2007-3472 to CVE-2007-3478.
mutt < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- New Upstream.
Description
===========
Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip
Olausson reported integer overflows in the gdImageCreate() and
gdImageCreateTrueColor() functions of the GD library which can cause
heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered
an integer overflow in the chunk_split() function that can lead to a
heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused
incorrect buffer size calculation due to precision loss, also resulting
in a possible heap-based buffer overflow (CVE-2007-4661 and
massive_directory_pool/user_i_hate/index.html;");
# if the mysql user has perms, Game over. PHP/apache isn't even
relevant anymore, if *mysql*
# has perms to write to the user's directory
So, for mental exercise: A GD library creating an "image" in another
directory, because apache and PHP trust GD? How about a PDF file? A
blog backup file?
You see, the problem *isn't* PHP, it's underlying libraries
inheriting perms, and using perms, that are not appropriate for the
Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to
an incorrect sanity check for the color index. (CVE-2009-3293)
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
GD Graphics Library 2.x, does not properly verify a certain colorsTotal
structure member, which might allow remote attackers to conduct
buffer overflow or buffer over-read attacks via a crafted GD file,
a different vulnerability than CVE-2009-3293. NOTE: some of these
details are obtained from third party information (CVE-2009-3546).
Mark Richters discovered a buffer overflow in the open_sty() function
in file mkind.c. Other vulnerabilities have also been discovered in the
same file but might not be exploitable (CVE-2007-0650). Tetex also
includes vulnerable code from GD library (GLSA 200708-05), and from
Xpdf (CVE-2007-3387).
Impact
======
necessary changes.
Details follow:
Mattias Bengtsson and Philip Olausson discovered that the GD
library did not properly perform bounds checking when creating
images. An attacker could send specially crafted input to
applications linked against libgd2 and cause a denial of service
or possibly execute arbitrary code.
Description
===========
Multiple issues were found in the teTeX 2 codebase that PTeX builds
upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable
code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12,
GLSA 200711-22) and from T1Lib (GLSA 200710-12).
Impact
======
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Tomas Hoger discovered that the GD library did not properly handle the
number of colors in certain malformed GD images. If a user or automated
system were tricked into processing a specially crafted GD image, an
attacker could cause a denial of service or possibly execute arbitrary
code. (CVE-2009-3546)
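The two defects these advisories describe, an image-size computation that wraps (CVE-2007-3996) and a palette count taken from the file without being checked against the fixed 256-entry colour arrays (CVE-2009-3546), share one fix: validate attacker-controlled sizes before they drive allocation or indexing. The following C program is an added example, not libgd's code. It places a naive size computation beside a checked one, and loads a palette from a constructed byte layout (not the real .gd file format) with the count and length checks in place. The names, the DEMO_MAX_PIXELS cap and the blob layout are assumptions made for the example; only the 256-entry palette size mirrors gd.

```c
/* Added example (not libgd's code): the bounds checks the advisories above
   describe as missing, applied to a constructed palette layout. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limits for the example: gd keeps 256 palette entries; the
   pixel cap is an arbitrary sanity bound, not a libgd constant. */
#define DEMO_MAX_COLORS 256
#define DEMO_MAX_PIXELS (1u << 28)

/* Naive size computation: width * height * bytes-per-pixel in 32-bit
   arithmetic. Large dimensions wrap, so a huge image yields a tiny buffer
   that later pixel writes run off the end of. */
unsigned int naive_image_bytes(int sx, int sy)
{
    return (unsigned int)sx * (unsigned int)sy * (unsigned int)sizeof(int);
}

/* Checked version: reject non-positive sizes and test the product against
   the cap by division, so the multiplication itself can never wrap. The cap
   also keeps pixels * sizeof(int) far below SIZE_MAX. Returns 1 and writes
   the byte count on success, 0 on any failure. */
int checked_image_bytes(int sx, int sy, size_t *out)
{
    if (sx <= 0 || sy <= 0)
        return 0;
    size_t w = (size_t)sx, h = (size_t)sy;
    if (w > DEMO_MAX_PIXELS / h)      /* w * h would exceed the cap */
        return 0;
    *out = w * h * sizeof(int);
    return 1;
}

/* Convenience wrapper: byte count, or 0 when the request is rejected. */
size_t checked_bytes_or_zero(int sx, int sy)
{
    size_t n = 0;
    return checked_image_bytes(sx, sy, &n) ? n : 0;
}

/* Constructed palette blob layout (NOT the real .gd format):
   bytes 0-1: colorsTotal, big-endian; then colorsTotal entries of R,G,B,A. */
typedef struct {
    int colorsTotal;
    int red[DEMO_MAX_COLORS], green[DEMO_MAX_COLORS];
    int blue[DEMO_MAX_COLORS], alpha[DEMO_MAX_COLORS];
} demo_palette;

/* Hardened loader: colorsTotal comes from the file, so it is checked against
   the fixed array size before it is used as an index, and the entry count is
   checked against the bytes actually present to avoid an over-read.
   Returns 1 on success, 0 when the input is rejected. */
int load_palette(const unsigned char *buf, size_t len, demo_palette *p)
{
    if (len < 2)
        return 0;
    int n = (buf[0] << 8) | buf[1];
    if (n > DEMO_MAX_COLORS)                 /* would overflow the arrays */
        return 0;
    if ((size_t)n * 4 > len - 2)             /* header claims more than is present */
        return 0;
    p->colorsTotal = n;
    for (int i = 0; i < n; i++) {
        const unsigned char *e = buf + 2 + (size_t)i * 4;
        p->red[i] = e[0]; p->green[i] = e[1];
        p->blue[i] = e[2]; p->alpha[i] = e[3];
    }
    return 1;
}

/* Constructed inputs: a valid 3-colour palette, and the same entries under a
   header that claims 1000 colours. */
static const unsigned char GOOD_BLOB[] = { 0x00, 0x03, 255,0,0,0, 0,255,0,0, 0,0,255,127 };
static const unsigned char BAD_BLOB[]  = { 0x03, 0xE8, 255,0,0,0, 0,255,0,0, 0,0,255,127 };

int demo_good_palette(void)
{
    demo_palette p;
    return load_palette(GOOD_BLOB, sizeof GOOD_BLOB, &p)
        && p.colorsTotal == 3 && p.alpha[2] == 127;
}
int demo_bad_count(void)      { demo_palette p; return load_palette(BAD_BLOB, sizeof BAD_BLOB, &p) == 0; }
int demo_truncated_blob(void) { demo_palette p; return load_palette(GOOD_BLOB, 5, &p) == 0; }

int main(void)
{
    printf("naive 65536x65536 -> %u bytes (wrapped)\n", naive_image_bytes(65536, 65536));
    printf("checked 65536x65536 -> %zu (0 = rejected)\n", checked_bytes_or_zero(65536, 65536));
    printf("checked 640x480 -> %zu bytes\n", checked_bytes_or_zero(640, 480));
    printf("palette good=%d badcount=%d truncated=%d\n",
           demo_good_palette(), demo_bad_count(), demo_truncated_blob());
    return 0;
}
```

The naive 65536x65536 request computes a buffer size of 0, which is exactly the condition that turns a later pixel write into a heap overflow; the checked path rejects it by comparing against the cap with a division rather than by multiplying first. For the palette, rejecting the count before the copy loop is the whole fix, and the length check closes the over-read half of the same advisory.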
function. If a PHP application were tricked into processing a specially crafted
zip file that had filenames containing "..", an attacker could write arbitrary
files within the filesystem. This issue only applied to Ubuntu 7.10, 8.04 LTS,
and 8.10. (CVE-2008-5658)
USN-557-1 fixed a vulnerability in the GD library. When using the GD library,
PHP did not properly handle the return codes that were added in the security
update. An attacker could exploit this issue with a specially crafted image file
and cause PHP to crash, leading to a denial of service. This issue only applied
to Ubuntu 6.06 LTS, and 7.10. (CVE-2007-3996)
Description
===========
Multiple issues were found in the teTeX 2 codebase that CSTeX builds
upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable
code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12,
GLSA 200711-22) and from T1Lib (GLSA 200710-12).
Impact
======