PT-2007-1091 · Gd+3 · Libgd+3

Published 2007-05-18 · Updated 2024-06-15 · CVE-2007-2756

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: libgd versions 2.0.34 and earlier (all versions prior to 2.0.35).
Description: The issue allows a remote attacker to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which triggers an infinite loop in the png_read_info function of libpng when called from libgd. Multiple vulnerabilities in the gd package can be exploited remotely, potentially disrupting the availability of protected information.
Recommendations: For libgd versions 2.0.34 and earlier (prior to 2.0.35), update to version 2.0.35 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gdPngReadData function until a patch is available.
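The description above concerns PNG input that is structurally incomplete (truncated chunk data) reaching libpng through libgd. A defensive measure that fits the workaround, restricting what gdPngReadData is fed, is to check PNG chunk structure before handing a file to the decoder and reject anything whose chunks do not fit in the file or that lacks a terminating IEND chunk. The following checker is an added example written for this page; it is not code from Positive Technologies, libgd or libpng, and the sample image it builds is constructed inline for the test. It validates the signature, walks the chunk list, verifies each chunk's length and CRC, and reports truncation.

```python
import struct
import zlib
from typing import List

# Added example (not part of the advisory): a structural pre-check for PNG data
# so that truncated files are rejected before they reach libgd/libpng.

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LENGTH = 2**31 - 1  # PNG spec: chunk length must fit in 31 bits


def check_png_structure(data: bytes) -> List[str]:
    """Return a list of structural problems; an empty list means the file is complete."""
    problems: List[str] = []
    if not data.startswith(PNG_SIGNATURE):
        return ["missing or corrupt PNG signature"]

    pos = len(PNG_SIGNATURE)
    seen_ihdr = False
    seen_iend = False
    while pos < len(data):
        remaining = len(data) - pos
        if remaining < 8:
            problems.append(f"truncated chunk header at offset {pos}")
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        name = ctype.decode("latin-1")
        if length > MAX_CHUNK_LENGTH:
            problems.append(f"chunk {name} declares an out-of-range length {length}")
            break
        chunk_end = pos + 8 + length + 4  # header + body + CRC
        if chunk_end > len(data):
            problems.append(
                f"chunk {name} declares {length} body bytes but only {remaining - 8} remain"
            )
            break
        body = data[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", data[pos + 8 + length:chunk_end])
        if (zlib.crc32(ctype + body) & 0xFFFFFFFF) != stored_crc:
            problems.append(f"CRC mismatch in chunk {name} at offset {pos}")
        if name == "IHDR":
            if pos != len(PNG_SIGNATURE) or length != 13:
                problems.append("IHDR is not the first chunk or has the wrong length")
            seen_ihdr = True
        pos = chunk_end
        if name == "IEND":
            seen_iend = True
            break  # IEND must be last; anything after it is ignored

    if not seen_ihdr:
        problems.append("missing IHDR chunk")
    if not seen_iend:
        problems.append("missing IEND chunk (file appears truncated)")
    return problems


def is_safe_to_decode(data: bytes) -> bool:
    """Gate used before calling the image decoder: only structurally complete PNGs pass."""
    return check_png_structure(data) == []


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png() -> bytes:
    """Constructed 1x1 RGB PNG used as test input (not a real-world file)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, depth, RGB
    raw_scanline = b"\x00" + b"\xff\x00\x00"  # filter type 0 + one red pixel
    return (
        PNG_SIGNATURE
        + _chunk(b"IHDR", ihdr)
        + _chunk(b"IDAT", zlib.compress(raw_scanline))
        + _chunk(b"IEND", b"")
    )


if __name__ == "__main__":
    good = build_sample_png()
    print("complete file:", check_png_structure(good))
    print("truncated file:", check_png_structure(good[:-10]))
```

This check only establishes that the chunk structure is complete and internally consistent; it does not validate the compressed image data, so it complements rather than replaces updating libgd to 2.0.35 or later.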


Related Identifiers

BDU:2015-09579
CVE-2007-2756
DSA-1613-1
HPSBUX02262
OPENSUSE-SU-2024:10777-1
RHSA-2007:0889
RHSA-2007:0890
RHSA-2007:0891
RHSA-2007_0890
RHSA-2008:0146
RHSA-2008_0146

Affected Products

Hp-Ux
Red Hat
Libgd
Libpng