CVE-2007-0455

EPSS 4.93%
Veröffentlicht 30.01.2007 17:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 38

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gd Graphics Library Project ≫ Gd Graphics Library Version <= 2.0.33

Php ≫ Php Version >= 4.4.0 < 4.4.7

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version6.10

Canonical ≫ Ubuntu Linux Version7.04

Fedoraproject ≫ Fedora Version13

Fedoraproject ≫ Fedora Version14

Redhat ≫ Enterprise Linux Desktop Version3.0

Redhat ≫ Enterprise Linux Desktop Version4.0

Redhat ≫ Enterprise Linux Server Version3.0

Redhat ≫ Enterprise Linux Server Version4.0

Redhat ≫ Enterprise Linux Workstation Version3.0

Redhat ≫ Enterprise Linux Workstation Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.93%	0.892

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://secunia.com/advisories/29157

Not Applicable

http://www.redhat.com/support/errata/RHSA-2008-0146.html

Third Party Advisory

http://secunia.com/advisories/24022

Not Applicable

http://www.mandriva.com/security/advisories?name=MDKSA-2007:038

Broken Link

http://secunia.com/advisories/24151

Not Applicable

http://www.trustix.org/errata/2007/0007

Broken Link