
Bug 69850

Summary: GD Graphics Library Remote Integer Overflow Vulnerability
Product: Gentoo Security
Reporter: Robert Muchacki (RETIRED) <muchar>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/11523
Whiteboard:
Package list:
Runtime testing required: ---

Description Robert Muchacki (RETIRED) gentoo-dev 2004-11-02 09:01:32 UTC
GD Graphics Library Remote Integer Overflow Vulnerability
The GD Graphics Library (gdlib) is affected by an integer overflow that facilitates a heap overflow. This issue is due to a failure of the library to do proper sanity checking on size values contained within image format files.

An attacker may leverage this issue to manipulate process heap memory, potentially leading to code execution and compromise of the computer running the affected library.

No known exploit out in the wild.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
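
The bug class described above (a size value from an image file overflowing before it reaches the allocator), shown as an added example that is not part of this report and is not GD's code. The function names, the three header fields and the `IMG_MAX_BYTES` cap are assumptions made for illustration, and the sample dimensions are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on decoded pixel data; pick one that suits the application. */
#define IMG_MAX_BYTES ((size_t)64 << 20)

/* Unsafe pattern: the 32-bit product wraps silently, so the value handed to
 * the allocator can be far smaller than the pixel data the header describes. */
static uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked form: divide instead of multiply so no intermediate can wrap.
 * Returns the byte count, or 0 if the header must be rejected. */
static size_t checked_size(uint32_t w, uint32_t h, uint32_t bpp, size_t limit)
{
    if (w == 0 || h == 0 || bpp == 0)
        return 0;
    if (w > limit || h > limit / w)
        return 0;                        /* w * h would exceed the limit */
    size_t n = (size_t)w * h;
    if (bpp > limit / n)
        return 0;                        /* n * bpp would exceed the limit */
    return n * bpp;
}

/* Allocate only after the header has passed the check. */
static void *alloc_pixels(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n = checked_size(w, h, bpp, IMG_MAX_BYTES);
    return n ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed header values: 16385 x 65536 at 4 bytes per pixel. */
    uint32_t w = 16385, h = 65536, bpp = 4;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    printf("checked:   %zu (0 = rejected)\n", checked_size(w, h, bpp, IMG_MAX_BYTES));
    void *p = alloc_pixels(640, 480, 4);
    printf("640x480x4 allocated: %s\n", p ? "yes" : "no");
    free(p);
    return 0;
}
```

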
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-11-02 09:09:05 UTC

*** This bug has been marked as a duplicate of 69070 ***