6.8

CVE-2007-1001

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.0
PhpPhp Version4.0 Updatebeta_4_patch1
PhpPhp Version4.0 Updatebeta1
PhpPhp Version4.0 Updatebeta2
PhpPhp Version4.0 Updatebeta3
PhpPhp Version4.0 Updatebeta4
PhpPhp Version4.0 Updaterc1
PhpPhp Version4.0 Updaterc2
PhpPhp Version4.0.0
PhpPhp Version4.0.1
PhpPhp Version4.0.1 Updatepatch1
PhpPhp Version4.0.1 Updatepatch2
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.3 Updatepatch1
PhpPhp Version4.0.4
PhpPhp Version4.0.4 Updatepatch1
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.0.7 Updaterc1
PhpPhp Version4.0.7 Updaterc2
PhpPhp Version4.0.7 Updaterc3
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2 Editiondev
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.4
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version4.3.8
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version4.3.11
PhpPhp Version4.4.0
PhpPhp Version4.4.1
PhpPhp Version4.4.2
PhpPhp Version4.4.3
PhpPhp Version4.4.4
PhpPhp Version4.4.5
PhpPhp Version4.4.6
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
PhpPhp Version5.0.0
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.32% 0.942
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
Vendor Advisory
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2007-0155.html
Vendor Advisory
http://secunia.com/advisories/24924
Vendor Advisory
http://secunia.com/advisories/24945
Vendor Advisory
http://secunia.com/advisories/24965
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0153.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0162.html
Vendor Advisory
http://www.securityfocus.com/archive/1/466166/100/0/threaded
https://issues.rpath.com/browse/RPL-1268
http://secunia.com/advisories/25056
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://secunia.com/advisories/24909
Vendor Advisory
http://secunia.com/advisories/25445
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup
http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html
http://secunia.com/advisories/24814
Vendor Advisory
http://secunia.com/advisories/25151
Vendor Advisory
http://www.securityfocus.com/archive/1/464957/100/0/threaded
http://www.securityfocus.com/bid/23357
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053
http://www.vupen.com/english/advisories/2007/1269
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33453
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179