FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3996

This CVE name corresponds to:

Entered	Topic
2007-09-11	php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-3996 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-3996
Phase	Assigned(20070725)

Description

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

References

Source	Reference
MISC	http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/
MISC	http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/
CONFIRM	http://www.php.net/ChangeLog-5.php#5.2.4
CONFIRM	http://www.php.net/releases/5_2_4.php
CONFIRM	https://issues.rpath.com/browse/RPL-1702
CONFIRM	https://issues.rpath.com/browse/RPL-1693
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
CONFIRM	http://bugs.gentoo.org/show_bug.cgi?id=201546
DEBIAN	DSA-1613
FEDORA	FEDORA-2007-709
GENTOO	GLSA-200710-02
GENTOO	GLSA-200712-13
MANDRIVA	MDKSA-2007:187
REDHAT	RHSA-2007:0890
REDHAT	RHSA-2007:0889
REDHAT	RHSA-2007:0888
REDHAT	RHSA-2007:0891
SUSE	SUSE-SA:2008:004
TRUSTIX	2007-0026
UBUNTU	USN-557-1
OVAL	oval:org.mitre.oval:def:11147
VUPEN	ADV-2007-3023
SECUNIA	26642
SECUNIA	26822
SECUNIA	26838
SECUNIA	26930
SECUNIA	26871
SECUNIA	26895
SECUNIA	26967
SECUNIA	27351
SECUNIA	27377
SECUNIA	27545
SECUNIA	27102
SECUNIA	28009
SECUNIA	28147
SECUNIA	28658
SECUNIA	31168
SREASON	3103
XF	php-gdimagecopyresized-bo(36383)
XF	php-gdimagecreate-bo(36382)