Secunia - Stay Secure
Gartner
Home Corporate Website Jobs Mailing Lists RSS Blog New entry Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)
  - NEW -

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


CVE Reference: CVE-2006-4484

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-4484

Description:
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/usn-342-1

TURBO
  http://www.turbolinux.com/security/2006/TLSA-2006-38.txt

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
  http://www.novell.com/linux/security/advisories/2006_52_php.html

ST
  1016984

SGI

SAID
  Secunia Advisory: SA28838
  Secunia Advisory: SA28768
  Secunia Advisory: SA22039
  Secunia Advisory: SA22487
  Secunia Advisory: SA22538
  Secunia Advisory: SA22440
  Secunia Advisory: SA22225
  Secunia Advisory: SA22069
  Secunia Advisory: SA21842
  Secunia Advisory: SA21768
  Secunia Advisory: SA21546
  Secunia Advisory: SA28845
  Secunia Advisory: SA28866
  Secunia Advisory: SA28959
  Secunia Advisory: SA29157
  Secunia Advisory: SA29242
  Secunia Advisory: SA29546

REDHAT
  http://www.redhat.com/support/errata/RHSA-2008-0146.html
  http://rhn.redhat.com/errata/RHSA-2006-0688.html

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:162
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:038
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:077

FEDORA

CONFIRM
  http://wiki.rpath.com/Advisories:rPSA-2008-0046
  http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0046
  http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
  http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?view=log
  http://www.php.net/release_5_1_5.php
  http://www.php.net/ChangeLog-5.php#5.1.5
  http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11
  http://bugs.php.net/bug.php?id=38112

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/487683/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/488008/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/447866/100/0/threaded

BID
  19582


Return to the previous page.





Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
Debian OpenSSL Predictable Random Number Generator and Update
2.
Ubuntu update for openssl
3.
Microsoft Malware Protection Engine File Parsing Denial of Service
4.
Microsoft Windows XP I2O Utility Filter Driver Privilege Escalation
5.
Novell Client Login Long Username/Contex t Buffer Overflow
6.
Build A Niche Store "q" Cross-Site Scripting
7.
ZyXEL ZyWALL 100 "Referer" Cross-Site Scripting Vulnerability
8.
Citrix Access Gateway Unspecified Authentication Bypass
9.
cPanel Cross-Site Scripting and Request Forgery Vulnerabilities
10.
Gentoo update for aterm, eterm, rxvt, mrxvt, multi-aterm, wterm, and rxvt-unicode





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia