CVE-2007-0455 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2007-0455?

CVE-2007-0455 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-0455?

Check the references section above for vendor advisories and patch information. Affected products include: Gd Graphics Library Project Gd Graphics Library, Php Php, Canonical Ubuntu Linux, Fedoraproject Fedora, Redhat Enterprise Linux Desktop.

Vulnerability Description

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gd Graphics Library Project	Gd Graphics Library	<= 2.0.33
Php	Php	>= 4.4.0, < 4.4.7
Canonical	Ubuntu Linux	6.06
Fedoraproject	Fedora	13
Redhat	Enterprise Linux Desktop	3.0
Redhat	Enterprise Linux Server	3.0
Redhat	Enterprise Linux Workstation	3.0

Related Weaknesses (CWE)

CWE-120

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607Issue TrackingThird Party Advisory
http://fedoranews.org/cms/node/2631Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.htMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.htMailing ListThird Party Advisory
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2007-0155.htmlThird Party Advisory
http://secunia.com/advisories/23916Not ApplicableVendor Advisory
http://secunia.com/advisories/24022Not Applicable
http://secunia.com/advisories/24052Not Applicable
http://secunia.com/advisories/24053Not Applicable
http://secunia.com/advisories/24107Not Applicable
http://secunia.com/advisories/24143Not Applicable
http://secunia.com/advisories/24151Not Applicable
http://secunia.com/advisories/24924Not Applicable
http://secunia.com/advisories/24945Not Applicable

FAQ

What is CVE-2007-0455?

CVE-2007-0455 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbi...

How severe is CVE-2007-0455?

CVE-2007-0455 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0455?

Check the references section above for vendor advisories and patch information. Affected products include: Gd Graphics Library Project Gd Graphics Library, Php Php, Canonical Ubuntu Linux, Fedoraproject Fedora, Redhat Enterprise Linux Desktop.