Vulnerability details: VCID-ue8m-k2hy-aaad
Vulnerability ID VCID-ue8m-k2hy-aaad
Aliases CVE-2007-0455
Summary Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0153
rhas Important https://access.redhat.com/errata/RHSA-2007:0155
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0162
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0146
epss 0.04825 https://api.first.org/data/v1/epss?cve=CVE-2007-0455
epss 0.05124 https://api.first.org/data/v1/epss?cve=CVE-2007-0455
epss 0.05566 https://api.first.org/data/v1/epss?cve=CVE-2007-0455
epss 0.13998 https://api.first.org/data/v1/epss?cve=CVE-2007-0455
epss 0.20353 https://api.first.org/data/v1/epss?cve=CVE-2007-0455
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=224607
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2007-0455
archlinux Critical https://security.archlinux.org/AVG-16
Reference id Reference type URL
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607
http://fedoranews.org/cms/node/2631
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html
http://rhn.redhat.com/errata/RHSA-2007-0155.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0455.json
https://api.first.org/data/v1/epss?cve=CVE-2007-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://secunia.com/advisories/23916
http://secunia.com/advisories/24022
http://secunia.com/advisories/24052
http://secunia.com/advisories/24053
http://secunia.com/advisories/24107
http://secunia.com/advisories/24143
http://secunia.com/advisories/24151
http://secunia.com/advisories/24924
http://secunia.com/advisories/24945
http://secunia.com/advisories/24965
http://secunia.com/advisories/25575
http://secunia.com/advisories/29157
http://secunia.com/advisories/42813
https://issues.rpath.com/browse/RPL-1030
https://issues.rpath.com/browse/RPL-1268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303
http://www.mandriva.com/security/advisories?name=MDKSA-2007:035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:036
http://www.mandriva.com/security/advisories?name=MDKSA-2007:038
http://www.mandriva.com/security/advisories?name=MDKSA-2007:109
http://www.redhat.com/support/errata/RHSA-2007-0153.html
http://www.redhat.com/support/errata/RHSA-2007-0162.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://www.securityfocus.com/archive/1/466166/100/0/threaded
http://www.securityfocus.com/bid/22289
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-473-1
http://www.vupen.com/english/advisories/2007/0400
http://www.vupen.com/english/advisories/2011/0022
224607 https://bugzilla.redhat.com/show_bug.cgi?id=224607
408982 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408982
ASA-201701-1 https://security.archlinux.org/ASA-201701-1
AVG-16 https://security.archlinux.org/AVG-16
cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.23:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.26:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.27:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library:gdlib:2.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:2.0.33:*:*:*:*:*:*:*
cpe:2.3:a:gd_graphics_library_project:gd_graphics_library:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library_project:gd_graphics_library:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
CVE-2007-0455 https://nvd.nist.gov/vuln/detail/CVE-2007-0455
RHSA-2007:0153 https://access.redhat.com/errata/RHSA-2007:0153
RHSA-2007:0155 https://access.redhat.com/errata/RHSA-2007:0155
RHSA-2007:0162 https://access.redhat.com/errata/RHSA-2007:0162
RHSA-2008:0146 https://access.redhat.com/errata/RHSA-2008:0146
USN-473-1 https://usn.ubuntu.com/473-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-0455

Exploit Prediction Scoring System (EPSS)
Percentile 0.88521
EPSS Score 0.04825
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.