CVE-2007-1001

critical

Description

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179

https://issues.rpath.com/browse/RPL-1268

https://exchange.xforce.ibmcloud.com/vulnerabilities/33453

http://www.vupen.com/english/advisories/2007/2732

http://www.vupen.com/english/advisories/2007/1269

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053

http://www.securityfocus.com/bid/25159

http://www.securityfocus.com/bid/23357

http://www.securityfocus.com/archive/1/466166/100/0/threaded

http://www.securityfocus.com/archive/1/464957/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0162.html

http://www.redhat.com/support/errata/RHSA-2007-0153.html

http://www.novell.com/linux/security/advisories/2007_32_php.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:090

http://www.mandriva.com/security/advisories?name=MDKSA-2007:089

http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

http://www.mandriva.com/security/advisories?name=MDKSA-2007:087

http://us2.php.net/releases/5_2_2.php

http://us2.php.net/releases/4_4_7.php

http://security.gentoo.org/glsa/glsa-200705-19.xml

http://secunia.com/advisories/26235

http://secunia.com/advisories/25445

http://secunia.com/advisories/25151

http://secunia.com/advisories/25056

http://secunia.com/advisories/24965

http://secunia.com/advisories/24945

http://secunia.com/advisories/24924

http://secunia.com/advisories/24909

http://secunia.com/advisories/24814

http://rhn.redhat.com/errata/RHSA-2007-0155.html

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html

http://docs.info.apple.com/article.html?artnum=306172

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1

Details

Source: Mitre, NVD

Published: 2007-04-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical