Bug 69850 - GD Graphics Library Remote Integer Overflow Vulnerability
Status: RESOLVED DUPLICATE of bug 69070
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/11523
Reported: 2004-11-02 09:01 UTC by Robert Muchacki (RETIRED)
Modified: 2005-07-17 13:06 UTC
Description Robert Muchacki (RETIRED) gentoo-dev 2004-11-02 09:01:32 UTC
GD Graphics Library Remote Integer Overflow Vulnerability

The GD Graphics Library (gdlib) is affected by an integer overflow that facilitates a heap overflow. This issue is due to a failure of the library to do proper sanity checking on size values contained within image format files.

An attacker may leverage this issue to manipulate process heap memory, potentially leading to code execution and compromise of the computer running the affected library.

No known exploit out in the wild.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
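
The bug class described in the report above (a size computed from image-file fields wraps around, so the heap buffer is smaller than the data later written into it), shown as an added example that is not part of the original bug report and is not gdlib's code. The function names, `MAX_DIM`, `MAX_BPP` and the header values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIM 16384u /* assumed policy cap on width/height, not a gdlib value */
#define MAX_BPP 4u     /* assumed maximum bytes per pixel */

/* Unchecked: 32-bit product of file-supplied sizes wraps modulo 2^32. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked: 0 and *out set on success, -1 if a value is out of range
 * or the product cannot be represented in size_t. */
int checked_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_DIM || height > MAX_DIM || bpp > MAX_BPP)
        return -1;
    if ((size_t)height > SIZE_MAX / width)
        return -1;
    size_t pixels = (size_t)width * height;
    if ((size_t)bpp > SIZE_MAX / pixels)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size check passes. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (checked_size(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed header values: 65536 x 65537 pixels at 4 bytes each. */
    uint32_t w = 65536u, h = 65537u, bpp = 4u;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    printf("checked:   %s\n", checked_size(w, h, bpp, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed values the unchecked computation yields a 256 KiB size for an image that needs 16 GiB, which is the mismatch that turns into a heap overflow once pixel data is written.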
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-11-02 09:09:05 UTC

*** This bug has been marked as a duplicate of 69070 ***