CVE-2007-1001
Vulnerability Summary
Timeline
Description
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 11.59%• Percentile: 94%
Techniques & Countermeasures
- CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
Affected Systems
- Unknown•PHP
4.0 | 4.0:beta_4_patch1 | 4.0:beta1 | 4.0:beta2 | 4.0:beta3 | 4.0:beta4 | 4.0:rc1 | 4.0:rc2 | 4.0.0 | 4.0.1 | 4.0.1:patch1 | 4.0.1:patch2 | 4.0.2 | 4.0.3 | 4.0.3:patch1 | 4.0.4 | 4.0.4:patch1 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.7:rc1 | 4.0.7:rc2 | 4.0.7:rc3 | 4.1.0 | 4.1.1 | 4.1.2 | 4.2 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 4.3.6 | 4.3.7 | 4.3.8 | 4.3.9 | 4.3.10 | 4.3.11 | 4.4.0 | 4.4.1 | 4.4.2 | 4.4.3 | 4.4.4 | 4.4.5 | 4.4.6 | 5.0:rc1 | 5.0:rc2 | 5.0:rc3 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.0 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.2.0 | 5.2.1
References (35)
- http://www.vupen.com/english/advisories/2007/2732
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053
- http://secunia.com/advisories/25056
- http://secunia.com/advisories/25151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33453
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179
- http://www.securityfocus.com/archive/1/466166/100/0/threaded
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://security.gentoo.org/glsa/glsa-200705-19.xml
- http://www.redhat.com/support/errata/RHSA-2007-0162.html
- http://us2.php.net/releases/4_4_7.php
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
- http://www.securityfocus.com/archive/1/464957/100/0/threaded
- http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1
- http://secunia.com/advisories/24909
- http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
- http://secunia.com/advisories/24945
- https://issues.rpath.com/browse/RPL-1268
- http://us2.php.net/releases/5_2_2.php
- http://docs.info.apple.com/article.html?artnum=306172
- http://secunia.com/advisories/24924
- http://www.securityfocus.com/bid/23357
- http://rhn.redhat.com/errata/RHSA-2007-0155.html
- http://www.vupen.com/english/advisories/2007/1269
- http://secunia.com/advisories/24965
- http://www.securityfocus.com/bid/25159
- http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
- http://secunia.com/advisories/25445
- http://secunia.com/advisories/24814
- http://www.novell.com/linux/security/advisories/2007_32_php.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
- http://secunia.com/advisories/26235
- http://www.redhat.com/support/errata/RHSA-2007-0153.html