2
Candidate: CVE-2007-3996
4
http://www.secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
5
https://usn.ubuntu.com/usn/usn-557-1
6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
7
https://usn.ubuntu.com/usn/usn-720-1
9
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote
10
attackers to cause a denial of service (application crash) and possibly
11
execute arbitrary code via a large (1) srcW or (2) srcH value to the (a)
12
gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width)
13
value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
16
jdstrand> note this is gdImageCreate and gdImageCreateTrueColor
17
jdstrand> dapper-gutsy libgd2 are affected to varying degrees
18
jdstrand> php5-gd segfaults on feisty and gutsy before patching libgd2,
19
and dapper-gutsy segfault after (this is because feisty-gutsy had a partial
20
fix already in libgd2). php5-gd is not handling the error condition when
21
libgd2 fails properly. Verified that 5.2.4 works with patched libgd2.
26
upstream_libgd2: 2.0.35
27
dapper_libgd2: released (2.0.33-2ubuntu5.3)
28
edgy_libgd2: released (2.0.33-4ubuntu2.2)
29
feisty_libgd2: released (2.0.34~rc1-2ubuntu1.2)
30
gutsy_libgd2: released (2.0.34-1ubuntu1.1)
31
hardy_libgd2: not-affected (2.0.35.dfsg-3ubuntu1)
32
intrepid_libgd2: not-affected (2.0.35.dfsg-3ubuntu1)
33
devel_libgd2: not-affected (2.0.35.dfsg-3ubuntu1)
36
Priority_php5: negligible
38
vendor: http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
39
upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.28&r2=1.312.2.20.2.29
40
dapper_php5: released (5.1.2-1ubuntu3.13)
41
edgy_php5: needed (reached end-of-life)
42
feisty_php5: needed (reached end-of-life)
43
gutsy_php5: released (5.2.3-1ubuntu6.5)
44
hardy_php5: not-affected (5.2.4-2ubuntu3)
45
intrepid_php5: not-affected (5.2.4-2ubuntu3)
46
devel_php5: not-affected (5.2.4-2ubuntu3)