First published: Thu Feb 28 2008
The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG.

Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor() function, leading to incorrect memory allocations. A carefully crafted image could cause a crash or possibly execute code with the privileges of the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an application using the gd library to render certain strings using a JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG image could cause an infinite loop in an application using the gd library. (CVE-2007-2756)

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A malformed or truncated XBM image could cause a crash in an application using the gd library. (CVE-2007-3473)

Users of gd should upgrade to these updated packages, which contain backported patches which resolve these issues.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/gd | <2.0.33-9.4.el5_1.1 | 2.0.33-9.4.el5_1.1 |
redhat/gd-devel | <2.0.33-9.4.el5_1.1 | 2.0.33-9.4.el5_1.1 |
redhat/gd-progs | <2.0.33-9.4.el5_1.1 | 2.0.33-9.4.el5_1.1 |
redhat/gd | <2.0.28-5.4E.el4_6.1 | 2.0.28-5.4E.el4_6.1 |
redhat/gd-devel | <2.0.28-5.4E.el4_6.1 | 2.0.28-5.4E.el4_6.1 |
redhat/gd-progs | <2.0.28-5.4E.el4_6.1 | 2.0.28-5.4E.el4_6.1 |
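
To act on the fixed versions in the table above, the following added example (not part of the original advisory) checks installed gd package builds against the fixed builds using a simplified form of RPM's segment-wise version comparison. The function names, the dist-tag lookup and the sample package strings are constructed for illustration, and packages are assumed to carry no epoch.

```python
import re

# Fixed builds from the advisory table, keyed by the dist tag in the release.
FIXED = {
    "el5": ("2.0.33", "9.4.el5_1.1"),
    "el4": ("2.0.28", "5.4E.el4_6.1"),
}
AFFECTED_PACKAGES = {"gd", "gd-devel", "gd-progs"}

def rpmvercmp(a, b):
    """Simplified RPM comparison: split into runs of digits or letters,
    ignore separators, numeric segments beat alphabetic ones.
    Tilde and caret handling is deliberately left out."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # compare numerically, not as text
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_vulnerable(nvr):
    """nvr is 'name-version-release', e.g. from
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n' gd gd-devel gd-progs
    Returns True/False, or None if the advisory does not cover the package."""
    name, version, release = nvr.rsplit("-", 2)
    if name not in AFFECTED_PACKAGES:
        return None
    tag = next((t for t in FIXED if "." + t in release), None)
    if tag is None:
        return None                          # not an el4/el5 build
    fixed_version, fixed_release = FIXED[tag]
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return cmp < 0                           # older than the fixed build

if __name__ == "__main__":
    # Constructed sample inventory, not real host data.
    for pkg in ["gd-2.0.33-9.3.el5", "gd-2.0.33-9.4.el5_1.1",
                "gd-devel-2.0.28-5.4E.el4", "gd-progs-2.0.33-9.4.el5_4.2"]:
        print(pkg, "->", "VULNERABLE" if is_vulnerable(pkg) else "ok")
```
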