CVE-2007-3996

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

🔗 References (80)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=201546
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2007-0889.html
• cve@mitrehttp://secunia.com/advisories/26642
• cve@mitrehttp://secunia.com/advisories/26822
• cve@mitrehttp://secunia.com/advisories/26838
• cve@mitrehttp://secunia.com/advisories/26871
• cve@mitrehttp://secunia.com/advisories/26895
• cve@mitrehttp://secunia.com/advisories/26930
• cve@mitrehttp://secunia.com/advisories/26967
• cve@mitrehttp://secunia.com/advisories/27102
• cve@mitrehttp://secunia.com/advisories/27351
• cve@mitrehttp://secunia.com/advisories/27377
• cve@mitrehttp://secunia.com/advisories/27545
• cve@mitrehttp://secunia.com/advisories/28009