CVE-2007-3472

Published: Jun 28, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

Affected (9)

Products: Libgd: Gd Graphics Library

Libgd

1 product

Gd Graphics Library

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Libgd Gd Graphics Library	Up to 2.0.35
Libgd Gd Graphics Library	Version 2.0.33
Libgd Gd Graphics Library	Version 2.0.34
Libgd Gd Graphics Library	Version 2.0.34 rc1
Libgd Gd Graphics Library	Version 2.0.34 rc2
Libgd Gd Graphics Library	Version 2.0.35 rc1
Libgd Gd Graphics Library	Version 2.0.35 rc2
Libgd Gd Graphics Library	Version 2.0.35 rc3
Libgd Gd Graphics Library	Version 2.0.35 rc4

Related CWEs

CWE-189

References (74)

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz (unsafe URL)

Source: cve@mitre.org

http://bugs.libgd.org/?do=details&task_id=89

Source: cve@mitre.org

http://fedoranews.org/updates/FEDORA-2007-205.shtml

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html

Source: cve@mitre.org

http://osvdb.org/37745

Source: cve@mitre.org

http://secunia.com/advisories/25855

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/25860

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26272

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26390

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26415

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26467

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26663

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26766

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26856

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29157

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30168

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42813

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200708-05.xml

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200711-34.xml

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200805-13.xml

Source: cve@mitre.org

http://www.libgd.org/ReleaseNote020035

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:153

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:164

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_15_sr.html

Source: cve@mitre.org

http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0146.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/478796/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24651

Source: cve@mitre.org

http://www.secweb.se/en/advisories/gd-gdimagecreatetruecolor-integer-overflow/

Source: cve@mitre.org

http://www.trustix.org/errata/2007/0024/

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2336

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0022

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=277421

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/35108

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1643

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11067

Source: cve@mitre.org

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz (unsafe URL)