Vulnerability Description
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.1.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://bugs.php.net/bug.php?id=38112 (Exploit)
- http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11 (Patch)
- http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log (Patch)
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2006-0688.html
- http://secunia.com/advisories/21546 (Patch, Vendor Advisory)
- http://secunia.com/advisories/21768 (Vendor Advisory)
- http://secunia.com/advisories/21842 (Vendor Advisory)
- http://secunia.com/advisories/22039
- http://secunia.com/advisories/22069
- http://secunia.com/advisories/22225
- http://secunia.com/advisories/22440
- http://secunia.com/advisories/22487
FAQ
What is CVE-2006-4484?
CVE-2006-4484 is a vulnerability with a CVSS score of 2.6 (LOW). Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size g...
How severe is CVE-2006-4484?
CVE-2006-4484 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4484?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.