Vendor Status Note JVNCIAC-S-218

Multiple vulnerabilities in LibGD

Overview

LibGD contains multiple vulnerabilities.

Affected systems
 - LibGD versions prior to 2.0.35

Expected impact

A remote third party who can get a crafted image file processed may be able to execute arbitrary code with the privileges of the user, among other effects.

Vendor information

Vendor    Link                                                              Updated
LibGD     ReleaseNote020035
Red Hat   Security Advisory RHSA-2008:0146-2  Moderate: gd security update

References

  1. ISS X-Force Database: php-lwzreadbyte-bo(30481)
    PHP LWZReadByte_ function buffer overflow
  2. ISS X-Force Database: gdgraphicslibrary-gdft-bo(31907)
    GD Graphics Library gdft.c denial of service
  3. ISS X-Force Database: rhel-rhsa-2006-0669-update(32349)
    RHSA-2006:0669 updates for php not installed
  4. ISS X-Force Database: gd-gdpngreaddata-dos(34420)
    GD Graphics Library gdPngReadData denial of service
  5. ISS X-Force Database: gd-imagecreatetruecolor-overflow(35108)
    GD Graphics Library gdImageCreateTrueColor integer overflow
  6. ISS X-Force Database: gd-imagecreatexbm-dos(35109)
    GD Graphics Library gdImageCreateXbm denial of service
  7. ISS X-Force Database: gd-colormap-dos(35413)
    GD Graphics Library color map denial of service
  8. ISS X-Force Database: gd-gdgifin-dos(35415)
    GD Graphics Library gd_gif_in.c denial of service
  9. ISS X-Force Database: rhel-rhsa-2007-0153-update(37971)
    RHSA-2007-0153 update not installed
  10. ISS X-Force Database: rhel-rhsa-2007-0155-update(37973)
    RHSA-2007-0155 update not installed
  11. ISS X-Force Database: rhel-rhsa-2007-0890-update(38085)
    RHSA-2007-0890 update not installed
  12. ISS X-Force Database: sdlimage-gif-bo(39865)
    SDL_Image GIF file buffer overflow
  13. ISS X-Force Database: tcltk-readimage-bo(40285)
    Tcl/Tk ReadImage() buffer overflow
  14. ISS X-Force Database: netpbm-readimagedata-bo(40450)
    Netpbm readImageData() buffer overflow

JPCERT Emergency Report
JPCERT REPORT    JPCERT-WR-2008-1001 (2008-03-12)
CIAC Bulletin    S-218 gd Security Update (2008-03-04)
CVE              2006-4484 [CVE+] XF40285, XF30481, XF32349, XF40450, XF39865
                 2007-0455 [CVE+] XF31907, XF37973, XF37971
                 2007-2756 [CVE+] XF34420, XF38085, XF34420
                 2007-3472 [CVE+] XF35108
                 2007-3473 [CVE+] XF35109
                 2007-3475 [CVE+] XF35413
                 2007-3476 [CVE+] XF35415
PGP signature    JVNCIAC-S-218.html.sig

Registered: 19:51 2008/03/16
Updated:    1:09 2008/03/23

Copyright(C) 2002-2009 Keio Univ. All rights reserved.