CVE-2006-4484

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://bugs.php.net/bug.php?id=38112	Exploit
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11	Patch
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log	Patch
http://www.php.net/ChangeLog-5.php#5.1.5
http://www.php.net/release_5_1_5.php	Patch
http://secunia.com/advisories/21546	Patch Vendor Advisory
http://www.ubuntu.com/usn/usn-342-1
http://secunia.com/advisories/21768	Vendor Advisory
http://secunia.com/advisories/21842	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://secunia.com/advisories/22069
http://securitytracker.com/id?1016984
https://issues.rpath.com/browse/RPL-683
http://secunia.com/advisories/22225
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://secunia.com/advisories/22440
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
http://rhn.redhat.com/errata/RHSA-2006-0688.html
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://www.securityfocus.com/bid/19582
http://secunia.com/advisories/22538
http://secunia.com/advisories/22487
http://secunia.com/advisories/22039
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:162
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046
https://issues.rpath.com/browse/RPL-2218
http://www.mandriva.com/security/advisories?name=MDVSA-2008:038
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://secunia.com/advisories/28768
http://secunia.com/advisories/28838
http://secunia.com/advisories/28845
http://wiki.rpath.com/Advisories:rPSA-2008-0046
https://bugzilla.redhat.com/show_bug.cgi?id=431568
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html
http://secunia.com/advisories/28866
http://secunia.com/advisories/28959
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://secunia.com/advisories/29157
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
http://www.mandriva.com/security/advisories?name=MDVSA-2008:077
http://secunia.com/advisories/29546
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://secunia.com/advisories/30717
http://www.vupen.com/english/advisories/2006/3318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004
http://www.securityfocus.com/archive/1/488008/100/0/threaded
http://www.securityfocus.com/archive/1/487683/100/0/threaded
http://www.securityfocus.com/archive/1/447866/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:5.1.4:::::::*
	cpe:2.3:a:php:php:5.1.0:::::::*
	cpe:2.3:a:php:php:5.1.1:::::::*
	cpe:2.3:a:php:php:5.1.2:::::::*

Information

Published : 2006-08-31 14:04

Updated : 2018-10-30 09:25

NVD link : CVE-2006-4484

Mitre link : CVE-2006-4484

JSON object : View

CWE

NVD-CWE-Other

Products Affected

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://bugs.php.net/bug.php?id=38112", "name": "http://bugs.php.net/bug.php?id=38112", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11", "name": "http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log", "name": "http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.php.net/ChangeLog-5.php#5.1.5", "name": "http://www.php.net/ChangeLog-5.php#5.1.5", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.php.net/release_5_1_5.php", "name": "http://www.php.net/release_5_1_5.php", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/21546", "name": "21546", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-342-1", "name": "USN-342-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/21768", "name": "21768", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21842", "name": "21842", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_52_php.html", "name": "SUSE-SA:2006:052", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/22069", "name": "22069", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1016984", "name": "1016984", "tags": [], "refsource": "SECTRACK"}, {"url": "https://issues.rpath.com/browse/RPL-683", "name": "https://issues.rpath.com/browse/RPL-683", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/22225", "name": "22225", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/22440", "name": "22440", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html", "name": "RHSA-2006:0688", "tags": [], "refsource": "REDHAT"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc", "name": "20061001-01-P", "tags": [], "refsource": "SGI"}, {"url": "http://www.securityfocus.com/bid/19582", "name": "19582", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/22538", "name": "22538", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22487", "name": "22487", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22039", "name": "22039", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt", "name": "TLSA-2006-38", "tags": [], "refsource": "TURBO"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:162", "name": "MDKSA-2006:162", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046", "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046", "tags": [], "refsource": "CONFIRM"}, {"url": "https://issues.rpath.com/browse/RPL-2218", "name": "https://issues.rpath.com/browse/RPL-2218", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:038", "name": "MDVSA-2008:038", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html", "name": "SUSE-SR:2008:003", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/28768", "name": "28768", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28838", "name": "28838", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28845", "name": "28845", "tags": [], "refsource": "SECUNIA"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0046", "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0046", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431568", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431568", "tags": [], "refsource": "CONFIRM"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html", "name": "FEDORA-2008-1643", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/28866", "name": "28866", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/28959", "name": "28959", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html", "name": "RHSA-2008:0146", "tags": [], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/29157", "name": "29157", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", "name": "SUSE-SR:2008:005", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/29242", "name": "29242", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:077", "name": "MDVSA-2008:077", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/29546", "name": "29546", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html", "name": "SUSE-SR:2008:013", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/30717", "name": "30717", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3318", "name": "ADV-2006-3318", "tags": [], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004", "name": "oval:org.mitre.oval:def:9004", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/488008/100/0/threaded", "name": "20080212 FLEA-2008-0007-1 gd", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/487683/100/0/threaded", "name": "20080206 rPSA-2008-0046-1 gd", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/447866/100/0/threaded", "name": "20061005 rPSA-2006-0182-1 php php-mysql php-pgsql", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4484", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-08-31T21:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

2.6 /10