2.6

CVE-2006-4484

Exploit
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.36% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://secunia.com/advisories/21546
Patch
Vendor Advisory
http://www.php.net/ChangeLog-5.php#5.1.5
http://www.php.net/release_5_1_5.php
Patch
http://secunia.com/advisories/22225
http://www.securityfocus.com/archive/1/447866/100/0/threaded
https://issues.rpath.com/browse/RPL-683
http://secunia.com/advisories/22039
http://www.novell.com/linux/security/advisories/2006_52_php.html
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22069
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://rhn.redhat.com/errata/RHSA-2006-0688.html
http://secunia.com/advisories/21768
Vendor Advisory
http://secunia.com/advisories/22538
http://securitytracker.com/id?1016984
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://www.ubuntu.com/usn/usn-342-1
http://secunia.com/advisories/21842
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:162
http://www.securityfocus.com/bid/19582
http://www.vupen.com/english/advisories/2006/3318
http://bugs.php.net/bug.php?id=38112
Exploit
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11
Patch
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log
Patch
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://secunia.com/advisories/28768
http://secunia.com/advisories/28838
http://secunia.com/advisories/28845
http://secunia.com/advisories/28866
http://secunia.com/advisories/28959
http://secunia.com/advisories/29157
http://secunia.com/advisories/29546
http://secunia.com/advisories/30717
http://wiki.rpath.com/Advisories:rPSA-2008-0046
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046
http://www.mandriva.com/security/advisories?name=MDVSA-2008:038
http://www.mandriva.com/security/advisories?name=MDVSA-2008:077
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://www.securityfocus.com/archive/1/487683/100/0/threaded
http://www.securityfocus.com/archive/1/488008/100/0/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=431568
https://issues.rpath.com/browse/RPL-2218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html