Search for vulnerabilities
Vulnerability details: VCID-vvka-hnxa-aaab
Vulnerability ID VCID-vvka-hnxa-aaab
Aliases CVE-2007-3476
Summary Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0146
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.02255 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.03163 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.03163 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.03163 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.03796 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.03867 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
epss 0.05183 https://api.first.org/data/v1/epss?cve=CVE-2007-3476
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=277201
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-3476
Reference id Reference type URL
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
http://bugs.libgd.org/?do=details&task_id=87
http://fedoranews.org/updates/FEDORA-2007-205.shtml
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
http://osvdb.org/37741
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3476.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3476
https://bugzilla.redhat.com/show_bug.cgi?id=277421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476
http://secunia.com/advisories/25860
http://secunia.com/advisories/26272
http://secunia.com/advisories/26390
http://secunia.com/advisories/26415
http://secunia.com/advisories/26467
http://secunia.com/advisories/26663
http://secunia.com/advisories/26766
http://secunia.com/advisories/26856
http://secunia.com/advisories/29157
http://secunia.com/advisories/30168
http://secunia.com/advisories/31168
http://secunia.com/advisories/42813
http://security.gentoo.org/glsa/glsa-200708-05.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
https://issues.rpath.com/browse/RPL-1643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348
http://www.debian.org/security/2008/dsa-1613
http://www.libgd.org/ReleaseNote020035
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
http://www.redhat.com/support/errata/RHSA-2008-0146.html
http://www.securityfocus.com/archive/1/478796/100/0/threaded
http://www.securityfocus.com/bid/24651
http://www.trustix.org/errata/2007/0024/
http://www.vupen.com/english/advisories/2011/0022
277201 https://bugzilla.redhat.com/show_bug.cgi?id=277201
601525 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525
cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gd_graphics_library:gdlib:*:*:*:*:*:*:*:*
CVE-2007-3476 https://nvd.nist.gov/vuln/detail/CVE-2007-3476
GLSA-200708-05 https://security.gentoo.org/glsa/200708-05
RHSA-2008:0146 https://access.redhat.com/errata/RHSA-2008:0146
USN-854-1 https://usn.ubuntu.com/854-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3476
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.89865
EPSS Score 0.02255
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.