gd -- multiple vulnerabilities

Description:

gd had been reported vulnerable to several vulnerabilities:

• CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact.
• CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
• CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact.
• CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
• CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
• CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
• CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

References:

• CVE name CVE-2007-3472
• CVE name CVE-2007-3473
• CVE name CVE-2007-3474
• CVE name CVE-2007-3475
• CVE name CVE-2007-3476
• CVE name CVE-2007-3477
• CVE name CVE-2007-3478
• URL: <http://www.libgd.org/ReleaseNote020035>
• URL: <http://www.frsirt.com/english/advisories/2007/2336>
• URL: <http://bugs.libgd.org/?do=details&task_id=89>
• URL: <http://bugs.libgd.org/?do=details&task_id=94>
• URL: <http://bugs.libgd.org/?do=details&task_id=70>
• URL: <http://bugs.libgd.org/?do=details&task_id=87>
• URL: <http://bugs.libgd.org/?do=details&task_id=92>
• URL: <http://bugs.libgd.org/?do=details&task_id=74>
• URL: <http://bugs.libgd.org/?do=details&task_id=48>
• URL: <http://bugs.php.net/bug.php?id=40578>

Affects:

• gd <2.0.35,1

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.