Search for vulnerabilities
Vulnerability details: VCID-3bg3-tgvh-aaab
Vulnerability ID VCID-3bg3-tgvh-aaab
Aliases CVE-2007-3478
Summary Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.1182 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.12073 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.15438 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.15438 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.15438 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.17666 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.17666 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.17666 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.17666 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
epss 0.20326 https://api.first.org/data/v1/epss?cve=CVE-2007-3478
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=277231
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-3478
Reference id Reference type URL
http://bugs.libgd.org/?do=details&task_id=48
http://bugs.php.net/bug.php?id=40578
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://osvdb.org/37740
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3478.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3478
https://bugzilla.redhat.com/show_bug.cgi?id=277421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478
http://secunia.com/advisories/25855
http://secunia.com/advisories/26272
http://secunia.com/advisories/26390
http://secunia.com/advisories/26415
http://secunia.com/advisories/26467
http://secunia.com/advisories/26663
http://secunia.com/advisories/26766
http://secunia.com/advisories/26856
http://secunia.com/advisories/30168
http://secunia.com/advisories/42813
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
https://issues.rpath.com/browse/RPL-1643
http://www.libgd.org/ReleaseNote020035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
http://www.securityfocus.com/archive/1/478796/100/0/threaded
http://www.trustix.org/errata/2007/0024/
http://www.vupen.com/english/advisories/2007/2336
http://www.vupen.com/english/advisories/2011/0022
277231 https://bugzilla.redhat.com/show_bug.cgi?id=277231
cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:*
CVE-2007-3478 https://nvd.nist.gov/vuln/detail/CVE-2007-3478
GLSA-200708-05 https://security.gentoo.org/glsa/200708-05
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3478
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9308
EPSS Score 0.1182
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.