Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3475 to the following vulnerability:

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.

References:
http://www.libgd.org/ReleaseNote020035
http://bugs.libgd.org/?do=details&task_id=70
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.15&r2=1.16
Fix in libgd CVS repo: http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd_gif_in.c?r1=1.5.2.5&r2=1.5.2.6
This issue does not affect versions of gd as shipped with Red Hat Enterprise Linux 2.1 and 3, as those versions do not offer GIF image type support.
This issue was addressed in:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0146.html
Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2055
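A pre-screening check for the condition named in the CVE description above, a GIF with no global color map, written as an added example (not code from libgd, PHP or Red Hat). The function names and the constructed sample files are assumptions; field offsets follow the GIF89a specification. Whether a local color table on the first image changes the outcome is not stated on this page, so it is only reported.

```python
import struct

def make_gif(global_table: bool, local_table: bool) -> bytes:
    """Build a constructed 1x1 GIF89a sample (not a real-world file)."""
    out = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80 if global_table else 0, 0, 0)
    out += b"\x00" * 6 if global_table else b""           # 2-entry global table
    out += b"\x21\xf9\x04\x00\x00\x00\x00\x00"            # graphic control extension
    out += b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0x80 if local_table else 0)
    out += b"\x00" * 6 if local_table else b""            # 2-entry local table
    return out + b"\x02\x02\x4c\x01\x00\x3b"              # image data + trailer

def screen_gif(data: bytes) -> dict:
    """Report which color tables a GIF declares, without decoding pixels."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    packed = data[10]                     # logical screen descriptor flags
    has_global = bool(packed & 0x80)      # bit 7: global color table present
    pos = 13
    if has_global:
        pos += 3 * (2 << (packed & 0x07))  # skip 3 * 2^(N+1) table bytes
    has_local = None                      # None: no image descriptor found
    while pos < len(data):
        block = data[pos]
        if block == 0x2C:                 # image descriptor, flags at offset 9
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            has_local = bool(data[pos + 9] & 0x80)
            break
        if block == 0x3B:                 # trailer
            break
        if block != 0x21:                 # anything else is malformed
            raise ValueError(f"unexpected block 0x{block:02x} at {pos}")
        pos += 2                          # extension introducer + label
        while True:                       # walk length-prefixed sub-blocks
            if pos >= len(data):
                raise ValueError("truncated extension")
            size = data[pos]
            pos += 1 + size
            if size == 0:
                break
    return {"no_global_color_table": not has_global,
            "first_image_local_color_table": has_local}

if __name__ == "__main__":
    for g, l in [(True, False), (False, True), (False, False)]:
        print(g, l, screen_gif(make_gif(g, l)))
```

Files reported with `no_global_color_table` set can be held back for review before they reach a libgd older than 2.0.35.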