FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6697

This CVE name corresponds to:

Entered Topic
2008-05-02 sdl_image -- buffer overflow vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-6697 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-6697
Phase Assigned(20080201)

Description

Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.

References

Source Reference
BUGTRAQ 20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow
BUGTRAQ 20080213 rPSA-2008-0061-1 SDL_image
MISC http://vexillium.org/?sec-sdlgif
CONFIRM http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/CHANGES?revision=3462&view=markup
CONFIRM http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_gif.c?r1=2970&r2=3462
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=207933
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0061
CONFIRM https://issues.rpath.com/browse/RPL-2206
DEBIAN DSA-1493
FEDORA FEDORA-2008-1208
FEDORA FEDORA-2008-1231
GENTOO GLSA-200802-01
MANDRIVA MDVSA-2008:040
UBUNTU USN-595-1
BID 27417
VUPEN ADV-2008-0266
SECUNIA 28640
SECUNIA 28850
SECUNIA 28830
SECUNIA 28837
SECUNIA 28752
SECUNIA 28869
SECUNIA 29542
XF sdlimage-gif-bo(39865)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.