FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1001

This CVE name corresponds to:

Entered	Topic
2007-05-07	php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1001 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-1001
Phase	Assigned(20070216)

Description

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

References

Source	Reference
BUGTRAQ	20070407 PHP <= 5.2.1 wbmp file handling integer overflow
BUGTRAQ	20070418 rPSA-2007-0073-1 php php-mysql php-pgsql
MISC	http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1
MISC	http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html
CONFIRM	http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup
CONFIRM	https://issues.rpath.com/browse/RPL-1268
CONFIRM	http://us2.php.net/releases/4_4_7.php
CONFIRM	http://us2.php.net/releases/5_2_2.php
CONFIRM	http://docs.info.apple.com/article.html?artnum=306172
APPLE	APPLE-SA-2007-07-31
GENTOO	GLSA-200705-19
MANDRIVA	MDKSA-2007:087
MANDRIVA	MDKSA-2007:088
MANDRIVA	MDKSA-2007:089
MANDRIVA	MDKSA-2007:090
REDHAT	RHSA-2007:0155
REDHAT	RHSA-2007:0153
REDHAT	RHSA-2007:0162
SLACKWARE	SSA:2007-127
SUSE	SUSE-SA:2007:032
BID	23357
BID	25159
OVAL	oval:org.mitre.oval:def:10179
VUPEN	ADV-2007-1269
VUPEN	ADV-2007-2732
SECUNIA	24814
SECUNIA	24924
SECUNIA	24965
SECUNIA	24945
SECUNIA	24909
SECUNIA	25056
SECUNIA	25445
SECUNIA	26235
SECUNIA	25151
XF	php-gd-overflow(33453)