PT-2007-7504 · Debian+2 · Libgd2-Noxpm-Dev+5

Published: 1970-01-01 · Updated: 2018-10-16 · CVE-2007-3476

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libgd2-xpm-dev (affected versions not specified)
libgd2-noxpm (affected versions not specified)
libgd2-noxpm-dev (affected versions not specified)
libgd2-xpm (affected versions not specified)
GD Graphics Library (libgd) versions prior to 2.0.35
gd (versions prior to 2.0.35)

Description

The issue concerns multiple vulnerabilities in the libgd2-xpm-dev, libgd2-noxpm, libgd2-noxpm-dev, and libgd2-xpm packages of the Debian GNU/Linux operating system, as well as the GD Graphics Library (libgd) and the gd package of the Gentoo Linux operating system. These vulnerabilities can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information. Specifically, an array index error in the gd_gif_in.c file of the GD Graphics Library (libgd) before version 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, resulting in a segmentation fault.

Recommendations

For libgd2-xpm-dev, consider updating to a version that includes the fix for this issue.
For libgd2-noxpm, consider updating to a version that includes the fix for this issue.
For libgd2-noxpm-dev, consider updating to a version that includes the fix for this issue.
For libgd2-xpm, consider updating to a version that includes the fix for this issue.
For GD Graphics Library (libgd) versions prior to 2.0.35, update to version 2.0.35 or later to resolve the issue.
For gd versions prior to 2.0.35, update to version 2.0.35 or later to resolve the issue.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-03087
BDU:2015-03088
BDU:2015-03089
BDU:2015-03090
BDU:2015-09579
CVE-2007-3476
DSA-1613-1
ECHO-A7ED-BFEC-5FE3
RHSA-2008:0146
RHSA-2008_0146

Affected Products

Debian
Red Hat
Gd
Libgd2-Noxpm
Libgd2-Noxpm-Dev
Libgd2-Xpm