| Field | Value |
|---|---|
| Short Name | HTTP:GD-GRAPHICS-PNG |
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | GD Graphics Library PNG Buffer Overflow |
| Release Date | 2013/07/09 |
| Update Number | 2280 |
| Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

HTTP: GD Graphics Library PNG Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the GD Graphics Library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
The GD Graphics Library (gdlib) is affected by an integer overflow that facilitates a heap overflow. The issue is due to the library's failure to properly validate size values contained within image-format files.
An attacker may leverage this issue to manipulate process heap memory, potentially leading to code execution and compromise of the computer running the affected library.
Affected Products
- Avaya converged_communications_server 2.0.0
- Avaya intuity LX
- Avaya mn100
- Avaya modular_messaging S3400
- Avaya modular_messaging_(mss) 1.1.0
- Avaya modular_messaging_(mss) 2.0.0
- Avaya network_routing
- Avaya s8300 R2.0.0
- Avaya s8300 R2.0.1
- Avaya s8500 R2.0.0
- Avaya s8500 R2.0.1
- Avaya s8700 R2.0.0
- Avaya s8700 R2.0.1
- Avaya s8710 R2.0.0
- Avaya s8710 R2.0.1
- Gd_graphics_library gdlib 1.8.4
- Gd_graphics_library gdlib 2.0.1
- Gd_graphics_library gdlib 2.0.15
- Gd_graphics_library gdlib 2.0.20
- Gd_graphics_library gdlib 2.0.21
- Gd_graphics_library gdlib 2.0.22
- Gd_graphics_library gdlib 2.0.23
- Gd_graphics_library gdlib 2.0.26
- Gd_graphics_library gdlib 2.0.27
- Gd_graphics_library gdlib 2.0.28
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva linux_mandrake 10.2.0
- Mandriva linux_mandrake 10.2.0 X86 64
- Mandriva linux_mandrake 2006.0.0
- Mandriva linux_mandrake 2006.0.0 X86 64
- Mandriva multi_network_firewall 2.0.0
- Openpkg openpkg 2.1.0
- Openpkg openpkg 2.2.0
- Openpkg openpkg Current
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
- Red_hat desktop 3.0.0
- Red_hat enterprise_linux_as 2.1
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_ws 2.1
- Red_hat enterprise_linux_ws 3
- Rpath rpath_linux 1
- Sgi advanced_linux_environment 3.0.0
- Sgi propack 3.0.0
- Suse linux 8.0.0
- Suse linux 8.1.0
- Suse linux_desktop 1.0.0
- Suse linux_personal 10.0.0 OSS
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 10.0.0 OSS
- Suse linux_professional 8.2.0
- Suse linux_professional 9.0.0
- Suse linux_professional 9.0.0 X86 64
- Suse linux_professional 9.1.0
- Suse linux_professional 9.1.0 X86 64
- Suse linux_professional 9.2.0
- Suse linux_professional 9.2.0 X86 64
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse open-enterprise-server 9.0.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Suse suse_linux_openexchange_server 4.0.0
- Suse suse_linux_retail_solution 8.0.0
- Suse suse_linux_school_server_for_i386
- Suse suse_linux_standard_server 8.0.0
- Trustix secure_enterprise_linux 2.0.0
- Trustix secure_linux 1.5.0
- Trustix secure_linux 2.0.0
- Trustix secure_linux 2.1.0
- Trustix secure_linux 2.2.0
- Turbolinux appliance_server 2.0
- Turbolinux fuji
- Turbolinux home
- Turbolinux turbolinux 10 F...
- Turbolinux turbolinux FUJI
- Turbolinux turbolinux_desktop 10.0.0
- Turbolinux turbolinux_server 10.0.0
- Turbolinux turbolinux_server 10.0.0 X64
- Ubuntu ubuntu_linux 4.1.0 Ia32
- Ubuntu ubuntu_linux 4.1.0 Ia64
- Ubuntu ubuntu_linux 4.1.0 Ppc