English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58502
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDKSA-2007:164 (tetex)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing an update to tetex
announced via advisory MDKSA-2007:164.

Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause tetex to crash and possibly
execute arbitrary code open a user opening the file.

In addition, tetex contains an embedded copy of the GD library which
suffers from a number of bugs which potentially lead to denial of
service and possibly other issues.

Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allows attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)

Updated packages have been patched to prevent these issues.

Affected: 2007.0, 2007.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:164

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-3472
BugTraq ID: 24651
http://www.securityfocus.com/bid/24651
Bugtraq: 20070907 FLEA-2007-0052-1 gd (Google Search)
http://www.securityfocus.com/archive/1/478796/100/0/threaded
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://bugs.libgd.org/?do=details&task_id=89
http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/
http://osvdb.org/37745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://secunia.com/advisories/25855
http://secunia.com/advisories/25860
http://secunia.com/advisories/26272
http://secunia.com/advisories/26390
http://secunia.com/advisories/26415
http://secunia.com/advisories/26467
http://secunia.com/advisories/26663
http://secunia.com/advisories/26766
http://secunia.com/advisories/26856
http://secunia.com/advisories/29157
http://secunia.com/advisories/30168
http://secunia.com/advisories/42813
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.trustix.org/errata/2007/0024/
http://www.vupen.com/english/advisories/2007/2336
http://www.vupen.com/english/advisories/2011/0022
XForce ISS Database: gd-imagecreatetruecolor-code-execution(35108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3473
http://bugs.libgd.org/?do=details&task_id=94
http://osvdb.org/37744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806
XForce ISS Database: gd-imagecreatexbm-dos(35109)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35109
Common Vulnerability Exposure (CVE) ID: CVE-2007-3474
http://osvdb.org/37743
XForce ISS Database: gd-gifreader-unspecified(35110)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35110
Common Vulnerability Exposure (CVE) ID: CVE-2007-3475
http://www.libgd.org/ReleaseNote020035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728
Common Vulnerability Exposure (CVE) ID: CVE-2007-3476
Debian Security Information: DSA-1613 (Google Search)
http://www.debian.org/security/2008/dsa-1613
http://osvdb.org/37741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348
http://secunia.com/advisories/31168
Common Vulnerability Exposure (CVE) ID: CVE-2007-3477
http://osvdb.org/42062
Common Vulnerability Exposure (CVE) ID: CVE-2007-3478
http://bugs.php.net/bug.php?id=40578
http://osvdb.org/37740
Common Vulnerability Exposure (CVE) ID: CVE-2007-3387
1018473
http://www.securitytracker.com/id?1018473
20070801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts
http://www.securityfocus.com/archive/1/476508/100/0/threaded
20070814 FLEA-2007-0045-1 poppler
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
20070816 FLEA-2007-0046-1 cups
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
25124
http://www.securityfocus.com/bid/25124
26188
http://secunia.com/advisories/26188
26251
http://secunia.com/advisories/26251
26254
http://secunia.com/advisories/26254
26255
http://secunia.com/advisories/26255
26257
http://secunia.com/advisories/26257
26278
http://secunia.com/advisories/26278
26281
http://secunia.com/advisories/26281
26283
http://secunia.com/advisories/26283
26292
http://secunia.com/advisories/26292
26293
http://secunia.com/advisories/26293
26297
http://secunia.com/advisories/26297
26307
http://secunia.com/advisories/26307
26318
http://secunia.com/advisories/26318
26325
http://secunia.com/advisories/26325
26342
http://secunia.com/advisories/26342
26343
http://secunia.com/advisories/26343
26358
http://secunia.com/advisories/26358
26365
http://secunia.com/advisories/26365
26370
http://secunia.com/advisories/26370
26395
http://secunia.com/advisories/26395
26403
http://secunia.com/advisories/26403
26405
http://secunia.com/advisories/26405
26407
http://secunia.com/advisories/26407
26410
http://secunia.com/advisories/26410
26413
http://secunia.com/advisories/26413
26425
http://secunia.com/advisories/26425
26432
http://secunia.com/advisories/26432
26436
http://secunia.com/advisories/26436
26467
26468
http://secunia.com/advisories/26468
26470
http://secunia.com/advisories/26470
26514
http://secunia.com/advisories/26514
26607
http://secunia.com/advisories/26607
26627
http://secunia.com/advisories/26627
26862
http://secunia.com/advisories/26862
26982
http://secunia.com/advisories/26982
27156
http://secunia.com/advisories/27156
27281
http://secunia.com/advisories/27281
27308
http://secunia.com/advisories/27308
27637
http://secunia.com/advisories/27637
30168
40127
http://osvdb.org/40127
ADV-2007-2704
http://www.vupen.com/english/advisories/2007/2704
ADV-2007-2705
http://www.vupen.com/english/advisories/2007/2705
DSA-1347
http://www.debian.org/security/2007/dsa-1347
DSA-1348
http://www.debian.org/security/2007/dsa-1348
DSA-1349
http://www.debian.org/security/2007/dsa-1349
DSA-1350
http://www.debian.org/security/2007/dsa-1350
DSA-1352
http://www.debian.org/security/2007/dsa-1352
DSA-1354
http://www.debian.org/security/2007/dsa-1354
DSA-1355
http://www.debian.org/security/2007/dsa-1355
DSA-1357
http://www.debian.org/security/2007/dsa-1357
GLSA-200709-12
http://security.gentoo.org/glsa/glsa-200709-12.xml
GLSA-200709-17
http://security.gentoo.org/glsa/glsa-200709-17.xml
GLSA-200710-08
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
GLSA-200710-20
http://security.gentoo.org/glsa/glsa-200710-20.xml
GLSA-200711-34
GLSA-200805-13
MDKSA-2007:158
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
MDKSA-2007:159
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
MDKSA-2007:160
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
MDKSA-2007:161
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
MDKSA-2007:162
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
MDKSA-2007:163
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
MDKSA-2007:164
MDKSA-2007:165
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
RHSA-2007:0720
http://www.redhat.com/support/errata/RHSA-2007-0720.html
RHSA-2007:0729
http://www.redhat.com/support/errata/RHSA-2007-0729.html
RHSA-2007:0730
http://www.redhat.com/support/errata/RHSA-2007-0730.html
RHSA-2007:0731
http://www.redhat.com/support/errata/RHSA-2007-0731.html
RHSA-2007:0732
http://www.redhat.com/support/errata/RHSA-2007-0732.html
RHSA-2007:0735
http://www.redhat.com/support/errata/RHSA-2007-0735.html
SSA:2007-222-05
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
SSA:2007-316-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
SUSE-SR:2007:015
SUSE-SR:2007:016
http://www.novell.com/linux/security/advisories/2007_16_sr.html
USN-496-1
http://www.ubuntu.com/usn/usn-496-1
USN-496-2
http://www.ubuntu.com/usn/usn-496-2
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://sourceforge.net/project/shownotes.php?release_id=535497
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
http://www.kde.org/info/security/advisory-20070730-1.txt
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604
oval:org.mitre.oval:def:11149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.