Search for vulnerabilities
Vulnerability details: VCID-hcd8-7xx7-aaah
Vulnerability ID VCID-hcd8-7xx7-aaah
Aliases CVE-2007-3473
Summary The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0146
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.20467 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.24312 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.24312 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.24312 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.25419 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.27008 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.27008 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.27008 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.27029 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
epss 0.28527 https://api.first.org/data/v1/epss?cve=CVE-2007-3473
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=276791
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-3473
archlinux Critical https://security.archlinux.org/AVG-16
Reference id Reference type URL
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
http://bugs.libgd.org/?do=details&task_id=94
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://osvdb.org/37744
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3473.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3473
https://bugzilla.redhat.com/show_bug.cgi?id=277421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473
http://secunia.com/advisories/25855
http://secunia.com/advisories/25860
http://secunia.com/advisories/26272
http://secunia.com/advisories/26390
http://secunia.com/advisories/26415
http://secunia.com/advisories/26467
http://secunia.com/advisories/26663
http://secunia.com/advisories/26766
http://secunia.com/advisories/26856
http://secunia.com/advisories/29157
http://secunia.com/advisories/30168
http://secunia.com/advisories/42813
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/35109
https://issues.rpath.com/browse/RPL-1643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806
http://www.libgd.org/ReleaseNote020035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://www.securityfocus.com/archive/1/478796/100/0/threaded
http://www.securityfocus.com/bid/24651
http://www.trustix.org/errata/2007/0024/
http://www.vupen.com/english/advisories/2007/2336
http://www.vupen.com/english/advisories/2011/0022
276791 https://bugzilla.redhat.com/show_bug.cgi?id=276791
ASA-201701-1 https://security.archlinux.org/ASA-201701-1
AVG-16 https://security.archlinux.org/AVG-16
cpe:2.3:a:libgd:gd_graphics_library:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:gd_graphics_library:*:*:*:*:*:*:*:*
CVE-2007-3473 https://nvd.nist.gov/vuln/detail/CVE-2007-3473
CVE-2007-3473;OSVDB-37744 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30251.c
CVE-2007-3473;OSVDB-37744 Exploit https://www.securityfocus.com/bid/24651/info
GLSA-200708-05 https://security.gentoo.org/glsa/200708-05
RHSA-2008:0146 https://access.redhat.com/errata/RHSA-2008:0146
Data source Exploit-DB
Date added June 26, 2007
Description GD Graphics Library 2.0.34 - 'libgd' gdImageCreateXbm Function Unspecified Denial of Service
Ransomware campaign use Known
Source publication date June 26, 2007
Exploit type dos
Platform linux
Source update date Dec. 13, 2013
Source URL https://www.securityfocus.com/bid/24651/info
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3473
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96521
EPSS Score 0.20467
Published At Nov. 20, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.