CVE-2007-3996

Name of the Vulnerable Software and Affected Versions libgd2-xpm-dev versions prior to 5.2.4 libgd2-noxpm versions prior to 5.2.4 libgd2-noxpm-dev versions prior to 5.2.4 libgd2-xpm versions prior to 5.2.4

Description The issue involves multiple integer overflows in the libgd library, which can lead to a denial of service (application crash) and possibly allow remote attackers to execute arbitrary code. This can be achieved by providing a large value to certain functions, such as gdImageCopyResized, gdImageCreate, or gdImageCreateTrueColor. The vulnerability can be exploited remotely, potentially disrupting the confidentiality, integrity, and availability of protected information.

Recommendations For libgd2-xpm-dev versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. For libgd2-noxpm versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. For libgd2-noxpm-dev versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. For libgd2-xpm versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions, such as gdImageCopyResized, gdImageCreate, or gdImageCreateTrueColor, until a patch is available.