CVE-2006-4484

Severity

26%

Complexity

49%

Confidentiality

48%

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P).

Overview

Type

PHP

First reported 18 years ago

2006-08-31 21:04:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP 5.1.4

5.1.4

References

20061001-01-P

http://bugs.php.net/bug.php?id=38112

Exploit

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11

Patch

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log

Patch

SUSE-SR:2008:003

SUSE-SR:2008:005

RHSA-2006:0688

21546

Patch, Vendor Advisory

21768

Vendor Advisory

21842

Vendor Advisory

22039

22069

22225

22440

22487

22538

28768

28838

28845

28866

28959

29157

29242

29546

30717

1016984

http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm

http://wiki.rpath.com/Advisories:rPSA-2008-0046

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046

MDKSA-2006:162

MDVSA-2008:038

MDVSA-2008:077

SUSE-SA:2006:052

SUSE-SR:2008:013

http://www.php.net/ChangeLog-5.php#5.1.5

http://www.php.net/release_5_1_5.php

Patch

RHSA-2008:0146

20061005 rPSA-2006-0182-1 php php-mysql php-pgsql

20080206 rPSA-2008-0046-1 gd

20080212 FLEA-2008-0007-1 gd

19582

TLSA-2006-38

USN-342-1

ADV-2006-3318

https://bugzilla.redhat.com/show_bug.cgi?id=431568

https://issues.rpath.com/browse/RPL-2218

https://issues.rpath.com/browse/RPL-683

oval:org.mitre.oval:def:9004

FEDORA-2008-1643

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.