Debian Security Advisory DSA 1936-1 (libgd2)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update to libgd2 announced via advisory DSA 1936-1.
Insight
Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0455: Kees Cook discovered a buffer overflow in libgd2's font renderer. An attacker could cause denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. This issue only affects the oldstable distribution (etch).

CVE-2009-3546: Tomas Hoger discovered a boundary error in the _gdGetColors() function. An attacker could conduct buffer overflow or buffer over-read attacks via a crafted GD file.

For the oldstable distribution (etch), these problems have been fixed in version 2.0.33-5.2etch2.

For the stable distribution (lenny), these problems have been fixed in version 2.0.36~rc1~dfsg-3+lenny1.

For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.0.36~rc1~dfsg-3.1.

We recommend that you upgrade your libgd2 packages.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201936-1