Red Hat Bugzilla – Bug 277221
CVE-2007-3477 libgd arc drawing functions can consume large amount of CPU time
Last modified: 2011-08-15 14:37:37 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3477 to the following vulnerability:
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
and additional enhancement to fix regression introduced by the original fix:
Due to the minimal impact of this flaw (temporary DoS by high CPU usage) and the low
likelihood of this problem being exposed in a way that would allow trust
boundary crossing, we currently do not plan to backport a fix for this issue to
versions of gd shipped in current versions of Red Hat Enterprise Linux.
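
The CVE description above attributes the CPU consumption to a large start or end angle. The C sketch below is an added example, not libgd's source and not part of this bug report: it assumes a simplified arc routine that does one unit of work per degree between start and end, and shows how reducing both angles to at most one full turn bounds that work. The names `arc_steps`, `normalize_arc` and `safe_arc_steps` are hypothetical.

```c
#include <stdio.h>

/* Model (assumption): the arc loop runs for (i = s; i <= e; i++) after
   extending e by whole turns until e >= s. Returns the iteration count,
   computed arithmetically so this demo itself stays cheap. */
long long arc_steps(int s, int e)
{
    long long start = s, end = e;
    if (end < start)
        end += 360 * ((start - end + 359) / 360);
    return end - start + 1;
}

/* Reduce caller-supplied angles so the sweep never exceeds one full turn
   while still describing the same arc. */
void normalize_arc(int *s, int *e)
{
    long long sweep = (long long)*e - *s;
    if (sweep >= 360) {          /* one or more complete turns: draw a circle */
        *s = 0;
        *e = 360;
        return;
    }
    *s = ((*s % 360) + 360) % 360;   /* map into [0, 360), negatives included */
    *e = ((*e % 360) + 360) % 360;
    if (*e < *s)
        *e += 360;                   /* arc crosses the 0-degree mark */
}

/* Iteration count of the modelled loop once the angles are normalized. */
long long safe_arc_steps(int s, int e)
{
    normalize_arc(&s, &e);
    return arc_steps(s, e);
}

int main(void)
{
    /* Constructed sample inputs: {start, end} in degrees. */
    int cases[][2] = { {0, 90}, {350, 10}, {-90, 0}, {720, 810},
                       {0, 2000000000}, {2000000000, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("start=%d end=%d  raw=%lld  normalized=%lld\n",
               cases[i][0], cases[i][1],
               arc_steps(cases[i][0], cases[i][1]),
               safe_arc_steps(cases[i][0], cases[i][1]));
    return 0;
}
```

Callers that pass untrusted angles to a library version without the fix can apply the same reduction before the call.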