LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:February 28, 2008
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06
(Log in to post comments)

gd: buffer overflow

Posted Feb 8, 2007 8:16 UTC (Thu) by mjcox@redhat.com (guest, #31775) [Link]

Note this is a single NUL byte overflow at the end of a string

Thank you

Posted Feb 9, 2007 23:36 UTC (Fri) by michaelkjohnson (subscriber, #41438) [Link]

You are right; I made a mistake crafting the announcement.
I have published rPSA-2007-0028-2 which corrects this mistake.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds