CVE-2007-3996

ADVISORY - nist

Summary

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

EPSS Score⁠: 0.02786 (0.909)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-189⁠

Numeric Errors

ADVISORY - redhat

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

NIST

CREATED

17 years ago

UPDATED

7 years ago

ADVISORY IDCVE-2007-3996⁠

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.8medium

Debian

CREATED

17 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2007-3996⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Ubuntu

CREATED

17 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2007-3996⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

17 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2007-3996⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

N/Amedium

Oracle

CREATED

17 years ago

UPDATED

17 years ago

ADVISORY IDELSA-2007-0890⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium