22 Jul 08:58
[SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities
From: Devin Carraway <devin <at> debian.org>
Subject: [SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-22 07:01:19 GMT
Subject: [SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-22 07:01:19 GMT
------------------------------------------------------------------------ Debian Security Advisory DSA-1613-1 security <at> debian.org http://www.debian.org/security/ Devin Carraway July 22, 2008 http://www.debian.org/security/faq ------------------------------------------------------------------------ Package : libgd2 Vulnerability : multiple vulnerabilities Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2007-3476 CVE-2007-3477 CVE-2007-3996 CVE-2007-2445 Debian Bug : 443456 Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues: CVE-2007-2445 Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd. CVE-2007-3476 An array indexing error in libgd's GIF handling could induce a denial of service (crash with heap corruption) if exceptionally large color index values are supplied in a maliciously crafted(Continue reading)
RSS Feed