Fluid Attacks Database

Description

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libgd2	>=0 <2.0.35.dfsg-1	2.0.35.dfsg-1
debian 12	libwmf	=0.2.12-5.1 \|\| =0.2.12-5.2 \|\| =0.2.13-1 \|\| =0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1	-
debian 14	libgd2	>=0 <2.0.35.dfsg-1	2.0.35.dfsg-1
debian 13	racket	>=0 <5.0.2-1	5.0.2-1
debian 13	libgd2	>=0 <2.0.35.dfsg-1	2.0.35.dfsg-1
debian 13	libwmf	=0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1	-
debian 14	libwmf	=0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1	-
debian 11	racket	>=0 <5.0.2-1	5.0.2-1
debian 12	racket	>=0 <5.0.2-1	5.0.2-1
debian 14	racket	>=0 <5.0.2-1	5.0.2-1

1-10 of 13

Aliases

1. CVE-2007-39962. NVD-2007-39963. OSV-DEBIAN-2007-39964. OSV-2007-39965. SECURITY-TRACKER-CVE-2007-3996

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.