7.5
CVE-2007-0455
- EPSS 11.69%
- Veröffentlicht 30.01.2007 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:36
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gd Graphics Library Project ≫ Gd Graphics Library Version <= 2.0.33
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version6.10
Canonical ≫ Ubuntu Linux Version7.04
Fedoraproject ≫ Fedora Version13
Fedoraproject ≫ Fedora Version14
Redhat ≫ Enterprise Linux Desktop Version3.0
Redhat ≫ Enterprise Linux Desktop Version4.0
Redhat ≫ Enterprise Linux Server Version3.0
Redhat ≫ Enterprise Linux Server Version4.0
Redhat ≫ Enterprise Linux Workstation Version3.0
Redhat ≫ Enterprise Linux Workstation Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.69% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://secunia.com/advisories/29157
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://secunia.com/advisories/24022
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038
http://secunia.com/advisories/24151
http://www.trustix.org/errata/2007/0007
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607
http://fedoranews.org/cms/node/2631
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html
http://rhn.redhat.com/errata/RHSA-2007-0155.html
http://secunia.com/advisories/23916
http://secunia.com/advisories/24052
http://secunia.com/advisories/24053
http://secunia.com/advisories/24107
http://secunia.com/advisories/24143
http://secunia.com/advisories/24924
http://secunia.com/advisories/24945
http://secunia.com/advisories/24965
http://secunia.com/advisories/25575
http://secunia.com/advisories/42813
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109
http://www.redhat.com/support/errata/RHSA-2007-0153.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
http://www.securityfocus.com/archive/1/466166/100/0/threaded
http://www.securityfocus.com/bid/22289
http://www.ubuntu.com/usn/usn-473-1
http://www.vupen.com/english/advisories/2007/0400
http://www.vupen.com/english/advisories/2011/0022
https://issues.rpath.com/browse/RPL-1030
https://issues.rpath.com/browse/RPL-1268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303