Fluid Attacks Database

Description

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libgd2	>=0 <2.0.35.dfsg-1	2.0.35.dfsg-1
debian 13	libgd2	>=0 <2.0.35.dfsg-1	2.0.35.dfsg-1
debian 11	libwmf	=0.2.12-1 \|\| =0.2.12-2 \|\| =0.2.12-3 \|\| =0.2.12-4 \|\| =0.2.12-5 \|\| =0.2.12-5.1 \|\| =0.2.12-5.2 \|\| =0.2.13-1 \|\| =0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1 \|\| =0.2.8.4-17	-
debian 14	libwmf	=0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1	-
debian 14	racket	>=0 <5.0.2-1	5.0.2-1
debian 13	libwmf	=0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1	-
debian 13	racket	>=0 <5.0.2-1	5.0.2-1
debian 11	racket	>=0 <5.0.2-1	5.0.2-1
debian 12	libwmf	=0.2.12-5.1 \|\| =0.2.12-5.2 \|\| =0.2.13-1 \|\| =0.2.13-1.1 \|\| =0.2.13-2 \|\| =0.2.14-1	-
debian 11	libgd2	>=0 <2.0.35.dfsg-1	2.0.35.dfsg-1

1-10 of 13

Aliases

1. CVE-2007-34762. NVD-2007-34763. OSV-DEBIAN-2007-34764. OSV-2007-34765. SECURITY-TRACKER-CVE-2007-3476

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.