Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0146

The remote host is missing updates announced in
advisory RHSA-2008:0146.

The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute code
with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges of
the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG
image could cause an infinite loop in an application using the gd library.

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)

Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4484
BugTraq ID: 19582
Bugtraq: 20061005 rPSA-2006-0182-1 php php-mysql php-pgsql (Google Search)
Bugtraq: 20080206 rPSA-2008-0046-1 gd (Google Search)
Bugtraq: 20080212 FLEA-2008-0007-1 gd (Google Search)
RedHat Security Advisories: RHSA-2006:0688
SGI Security Advisory: 20061001-01-P
SuSE Security Announcement: SUSE-SA:2006:052 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:003 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:013 (Google Search)
TurboLinux Advisory: TLSA-2006-38
Common Vulnerability Exposure (CVE) ID: CVE-2007-0455
BugTraq ID: 22289
Bugtraq: 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (Google Search)
RedHat Security Advisories: RHSA-2007:0155
Common Vulnerability Exposure (CVE) ID: CVE-2007-2756
BugTraq ID: 24089
HPdes Security Advisory: HPSBUX02262
HPdes Security Advisory: SSRT071447
RedHat Security Advisories: RHSA-2007:0889
SuSE Security Announcement: SUSE-SA:2007:044 (Google Search)
SuSE Security Announcement: SUSE-SR:2007:013 (Google Search)
XForce ISS Database: gd-gdpngreaddata-dos(34420)
Common Vulnerability Exposure (CVE) ID: CVE-2007-3472
BugTraq ID: 24651
Bugtraq: 20070907 FLEA-2007-0052-1 gd (Google Search)
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
XForce ISS Database: gd-imagecreatetruecolor-code-execution(35108)
Common Vulnerability Exposure (CVE) ID: CVE-2007-3473
XForce ISS Database: gd-imagecreatexbm-dos(35109)
Common Vulnerability Exposure (CVE) ID: CVE-2007-3475
Common Vulnerability Exposure (CVE) ID: CVE-2007-3476
Debian Security Information: DSA-1613 (Google Search)
CopyrightCopyright (c) 2008 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.