6.8

CVE-2007-1001

EPSS 13.39%
Published 06.04.2007 00:19:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

Affected products Warnungen 0 Metrics 2 CWE 0 References 38

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version4.0

Php ≫ Php Version4.0 Updatebeta_4_patch1

Php ≫ Php Version4.0 Updatebeta1

Php ≫ Php Version4.0 Updatebeta2

Php ≫ Php Version4.0 Updatebeta3

Php ≫ Php Version4.0 Updatebeta4

Php ≫ Php Version4.0 Updaterc1

Php ≫ Php Version4.0 Updaterc2

Php ≫ Php Version4.0.0

Php ≫ Php Version4.0.1

Php ≫ Php Version4.0.1 Updatepatch1

Php ≫ Php Version4.0.1 Updatepatch2

Php ≫ Php Version4.0.2

Php ≫ Php Version4.0.3

Php ≫ Php Version4.0.3 Updatepatch1

Php ≫ Php Version4.0.4

Php ≫ Php Version4.0.4 Updatepatch1

Php ≫ Php Version4.0.5

Php ≫ Php Version4.0.6

Php ≫ Php Version4.0.7

Php ≫ Php Version4.0.7 Updaterc1

Php ≫ Php Version4.0.7 Updaterc2

Php ≫ Php Version4.0.7 Updaterc3

Php ≫ Php Version4.1.0

Php ≫ Php Version4.1.1

Php ≫ Php Version4.1.2

Php ≫ Php Version4.2 Editiondev

Php ≫ Php Version4.2.0

Php ≫ Php Version4.2.1

Php ≫ Php Version4.2.2

Php ≫ Php Version4.2.3

Php ≫ Php Version4.3.0

Php ≫ Php Version4.3.1

Php ≫ Php Version4.3.2

Php ≫ Php Version4.3.3

Php ≫ Php Version4.3.4

Php ≫ Php Version4.3.5

Php ≫ Php Version4.3.6

Php ≫ Php Version4.3.7

Php ≫ Php Version4.3.8

Php ≫ Php Version4.3.9

Php ≫ Php Version4.3.10

Php ≫ Php Version4.3.11

Php ≫ Php Version4.4.0

Php ≫ Php Version4.4.1

Php ≫ Php Version4.4.2

Php ≫ Php Version4.4.3

Php ≫ Php Version4.4.4

Php ≫ Php Version4.4.5

Php ≫ Php Version4.4.6

Php ≫ Php Version5.0 Updaterc1

Php ≫ Php Version5.0 Updaterc2

Php ≫ Php Version5.0 Updaterc3

Php ≫ Php Version5.0.0

Php ≫ Php Version5.0.0 Updatebeta1

Php ≫ Php Version5.0.0 Updatebeta2

Php ≫ Php Version5.0.0 Updatebeta3

Php ≫ Php Version5.0.0 Updatebeta4

Php ≫ Php Version5.0.0 Updaterc1

Php ≫ Php Version5.0.0 Updaterc2

Php ≫ Php Version5.0.0 Updaterc3

Php ≫ Php Version5.0.1

Php ≫ Php Version5.0.2

Php ≫ Php Version5.0.3

Php ≫ Php Version5.0.4

Php ≫ Php Version5.0.5

Php ≫ Php Version5.1.0

Php ≫ Php Version5.1.1

Php ≫ Php Version5.1.2

Php ≫ Php Version5.1.3

Php ≫ Php Version5.1.4

Php ≫ Php Version5.1.5

Php ≫ Php Version5.1.6

Php ≫ Php Version5.2.0

Php ≫ Php Version5.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.39%	0.94

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://docs.info.apple.com/article.html?artnum=306172

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://secunia.com/advisories/26235

Vendor Advisory

http://www.securityfocus.com/bid/25159

http://www.vupen.com/english/advisories/2007/2732

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2007-0155.html

Vendor Advisory

http://secunia.com/advisories/24924

Vendor Advisory

http://secunia.com/advisories/24945

Vendor Advisory

http://secunia.com/advisories/24965

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-0153.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-0162.html

Vendor Advisory

http://www.securityfocus.com/archive/1/466166/100/0/threaded

https://issues.rpath.com/browse/RPL-1268

http://secunia.com/advisories/25056

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_32_php.html

http://secunia.com/advisories/24909

Vendor Advisory

http://secunia.com/advisories/25445

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200705-19.xml

http://us2.php.net/releases/4_4_7.php

http://us2.php.net/releases/5_2_2.php

http://www.mandriva.com/security/advisories?name=MDKSA-2007:087

http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

http://www.mandriva.com/security/advisories?name=MDKSA-2007:089

http://www.mandriva.com/security/advisories?name=MDKSA-2007:090

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup

http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html

http://secunia.com/advisories/24814

Vendor Advisory

http://secunia.com/advisories/25151

Vendor Advisory

http://www.securityfocus.com/archive/1/464957/100/0/threaded

http://www.securityfocus.com/bid/23357

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053

http://www.vupen.com/english/advisories/2007/1269

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33453

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179

https://nvd.nist.gov/vuln/detail/CVE-2007-1001

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1001

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1001

EUVD