製品・ソフトウェアに関する情報

JVN脆弱性詳細

libgd の imagearc 関数などにおけるサービス運用妨害 (DoS) の脆弱性

Title	libgd の imagearc 関数などにおけるサービス運用妨害 (DoS) の脆弱性
Summary	GD Graphics Library (libgd) の (a) imagearc および (b) imagefilledarc 関数には、サービス運用妨害 (CPU 消費) 状態となる脆弱性が存在します。
Possible impacts	第三者により、(1) start および (2) end の過度に大きい角度数の値を介して、サービス運用妨害 (CPU 消費) 状態にされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	June 28, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

LibGD project

LibGD 2.0.35 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3477	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477
National Vulnerability Database (NVD)
2	CVE-2007-3477	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3477

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-3477

Summary	The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
Publication Date	June 29, 2007, 3:30 a.m.
Registration Date	Jan. 29, 2021, 2:15 p.m.
Last Update	Oct. 17, 2018, 1:50 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libgd:gd_graphics_library:2.0.33:::::::*
cpe:2.3:a:libgd:gd_graphics_library:2.0.34:::::::*
cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4::::::
cpe:2.3:a:libgd:gd_graphics_library::rc5::::::*		2.0.35

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz	CONFIRM	Patch
2	http://bugs.libgd.org/?do=details&task_id=74	CONFIRM	Exploit
3	http://bugs.libgd.org/?do=details&task_id=92	CONFIRM
4	http://fedoranews.org/updates/FEDORA-2007-205.shtml	FEDORA
5	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html	FEDORA
6	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html	FEDORA
7	http://osvdb.org/42062	OSVDB
8	http://secunia.com/advisories/25860	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/26272	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/26390	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/26415	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/26467	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/26663	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/26766	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/26856	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/30168	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/31168	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/42813	SECUNIA	Vendor Advisory
19	http://security.gentoo.org/glsa/glsa-200708-05.xml	GENTOO
20	http://security.gentoo.org/glsa/glsa-200711-34.xml	GENTOO
21	http://security.gentoo.org/glsa/glsa-200805-13.xml	GENTOO
22	http://www.debian.org/security/2008/dsa-1613	DEBIAN
23	http://www.libgd.org/ReleaseNote020035	MISC	Patch
24	http://www.mandriva.com/security/advisories?name=MDKSA-2007:153	MANDRIVA
25	http://www.mandriva.com/security/advisories?name=MDKSA-2007:164	MANDRIVA
26	http://www.novell.com/linux/security/advisories/2007_15_sr.html	SUSE
27	http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html	FEDORA
28	http://www.securityfocus.com/archive/1/478796/100/0/threaded	BUGTRAQ
29	http://www.securityfocus.com/bid/24651	BID
30	http://www.trustix.org/errata/2007/0024/	TRUSTIX
31	http://www.vupen.com/english/advisories/2011/0022	VUPEN	Vendor Advisory
32	https://bugzilla.redhat.com/show_bug.cgi?id=277421	CONFIRM
33	https://issues.rpath.com/browse/RPL-1643	CONFIRM

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libgd:gd_graphics_library:2.0.33:::::::*
cpe:2.3:a:libgd:gd_graphics_library:2.0.34:::::::*
cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3::::::
cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4::::::
cpe:2.3:a:libgd:gd_graphics_library::rc5::::::*		2.0.35