Bug 242033 (CVE-2007-2756)

Summary: CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
Product: [Other] Security Response Reporter: Joe Orton <jorton>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: kreilly, varekova
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-17 15:13:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 278361, 278381, 278391, 278401, 278411, 278421, 432784, 432786, 432787, 833899    
Bug Blocks:    

Description Joe Orton 2007-06-01 12:36:29 UTC 
Description of problem:
PHP 5.2.3 release: http://www.php.net/releases/5_2_3.php

Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
Comment 4 Joe Orton 2007-09-06 09:13:05 UTC 
References:

http://bugs.libgd.org/?do=details&task_id=86
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_png.c?r1=1.4.2.7&r2=1.4.2.7.4.1&diff_format=u
Comment 7 Red Hat Product Security 2008-01-16 14:06:34 UTC 
This issue was addressed in:

Red Hat Application Stack:
  http://rhn.redhat.com/errata/RHSA-2007-0891.html

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0890.html
  http://rhn.redhat.com/errata/RHSA-2007-0889.html

Fedora:
  updated to fixed upstream version
Comment 8 Tomas Hoger 2008-02-13 16:45:39 UTC 
Comment #7 describes Errata where this issue was fixed in gd library embedded in
php source code.  This issue also affects gd packages as shipped in Red Hat
Enterprise Linux 2.1, 3, 4, and 5.

Similar commit as mentioned in comment #4, but in libgd CVS repository:

http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd_png.c?r1=1.22&r2=1.23
Comment 13 Tomas Hoger 2008-02-28 10:50:32 UTC 
Updated gd packages addressing this issue were released for Red Hat Enterprise
Linux 4 and 5:

  https://rhn.redhat.com/errata/RHSA-2008-0146.html
Comment 14 Vincent Danen 2015-02-17 15:13:48 UTC 
Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates for libwmf in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.