Summary
The host is installed with GD Graphics Library and is prone to Buffer Overflow vulnerability.
This NVT may create FP and LSC's are taking care of it.
Impact
Successful exploitation could allow attackers to potentially compromise a vulnerable system.
Impact Level: System
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to error in '_gdGetColors' function in gd_gd.c which fails to check certain colorsTotal structure member, whicn can be exploited to cause buffer overflow or buffer over-read attacks via a crafted GD file.
Affected
GD Graphics Library version 2.x on Linux.
References
Severity
Classification
-
CVE CVE-2009-3546 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability
- CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
- Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
- Asterisk HTTP Manager Buffer Overflow Vulnerability
- Adobe Shockwave Player ActiveX Control BOF Vulnerability