CVE - CVE-2006-4484

CVE-ID
CVE-2006-4484	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19582 URL:http://www.securityfocus.com/bid/19582 BUGTRAQ:20061005 rPSA-2006-0182-1 php php-mysql php-pgsql URL:http://www.securityfocus.com/archive/1/447866/100/0/threaded BUGTRAQ:20080206 rPSA-2008-0046-1 gd URL:http://www.securityfocus.com/archive/1/487683/100/0/threaded BUGTRAQ:20080212 FLEA-2008-0007-1 gd URL:http://www.securityfocus.com/archive/1/488008/100/0/threaded CONFIRM:http://bugs.php.net/bug.php?id=38112 CONFIRM:http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11 CONFIRM:http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0046 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046 CONFIRM:http://www.php.net/ChangeLog-5.php#5.1.5 CONFIRM:http://www.php.net/release_5_1_5.php CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=431568 CONFIRM:https://issues.rpath.com/browse/RPL-2218 CONFIRM:https://issues.rpath.com/browse/RPL-683 FEDORA:FEDORA-2008-1643 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00502.html MANDRIVA:MDKSA-2006:162 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:162~~ (Obsolete source) MANDRIVA:MDVSA-2008:038 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:038~~ (Obsolete source) MANDRIVA:MDVSA-2008:077 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:077~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9004 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9004 REDHAT:RHSA-2006:0688 URL:http://rhn.redhat.com/errata/RHSA-2006-0688.html REDHAT:RHSA-2008:0146 URL:http://www.redhat.com/support/errata/RHSA-2008-0146.html SECTRACK:1016984 URL:http://securitytracker.com/id?1016984 SECUNIA:21546 URL:http://secunia.com/advisories/21546 SECUNIA:21768 URL:http://secunia.com/advisories/21768 SECUNIA:21842 URL:http://secunia.com/advisories/21842 SECUNIA:22039 URL:http://secunia.com/advisories/22039 SECUNIA:22069 URL:http://secunia.com/advisories/22069 SECUNIA:22225 URL:http://secunia.com/advisories/22225 SECUNIA:22440 URL:http://secunia.com/advisories/22440 SECUNIA:22487 URL:http://secunia.com/advisories/22487 SECUNIA:22538 URL:http://secunia.com/advisories/22538 SECUNIA:28768 URL:http://secunia.com/advisories/28768 SECUNIA:28838 URL:http://secunia.com/advisories/28838 SECUNIA:28845 URL:http://secunia.com/advisories/28845 SECUNIA:28866 URL:http://secunia.com/advisories/28866 SECUNIA:28959 URL:http://secunia.com/advisories/28959 SECUNIA:29157 URL:http://secunia.com/advisories/29157 SECUNIA:29242 URL:http://secunia.com/advisories/29242 SECUNIA:29546 URL:http://secunia.com/advisories/29546 SECUNIA:30717 URL:http://secunia.com/advisories/30717 SGI:20061001-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc SUSE:SUSE-SA:2006:052 URL:http://www.novell.com/linux/security/advisories/2006_52_php.html SUSE:SUSE-SR:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html SUSE:SUSE-SR:2008:005 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html SUSE:SUSE-SR:2008:013 URL:http://www.novell.com/linux/security/advisories/2008_13_sr.html TURBO:TLSA-2006-38 URL:http://www.turbolinux.com/security/2006/TLSA-2006-38.txt UBUNTU:USN-342-1 URL:http://www.ubuntu.com/usn/usn-342-1 VUPEN:ADV-2006-3318 URL:~~http://www.vupen.com/english/advisories/2006/3318~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20060831	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060831)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)