242033 – (CVE-2007-2756) CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG

Bug 242033 (CVE-2007-2756) - CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG

Summary: CVE-2007-2756 gd / php-gd ImageCreateFromPng infinite loop caused by truncate...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-2756
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	278361 278381 278391 278401 278411 278421 432784 432786 432787 833899
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-01 12:36 UTC by Joe Orton
Modified:	2021-02-25 18:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-02-17 15:13:48 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0889	normal	SHIPPED_LIVE	Moderate: php security update	2007-09-26 08:34:27 UTC
Red Hat Product Errata	RHSA-2007:0890	normal	SHIPPED_LIVE	Moderate: php security update	2008-01-07 23:52:21 UTC
Red Hat Product Errata	RHSA-2007:0891	normal	SHIPPED_LIVE	Moderate: php security update	2007-10-25 17:33:16 UTC
Red Hat Product Errata	RHSA-2008:0146	normal	SHIPPED_LIVE	Moderate: gd security update	2008-02-28 09:59:17 UTC

Description Joe Orton 2007-06-01 12:36:29 UTC

Description of problem:
PHP 5.2.3 release: http://www.php.net/releases/5_2_3.php

Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)

Comment 4 Joe Orton 2007-09-06 09:13:05 UTC

References:

http://bugs.libgd.org/?do=details&task_id=86
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_png.c?r1=1.4.2.7&r2=1.4.2.7.4.1&diff_format=u

Comment 7 Red Hat Product Security 2008-01-16 14:06:34 UTC

This issue was addressed in:

Red Hat Application Stack:
  http://rhn.redhat.com/errata/RHSA-2007-0891.html

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0890.html
  http://rhn.redhat.com/errata/RHSA-2007-0889.html

Fedora:
  updated to fixed upstream version

Comment 8 Tomas Hoger 2008-02-13 16:45:39 UTC

Comment #7 describes Errata where this issue was fixed in gd library embedded in
php source code.  This issue also affects gd packages as shipped in Red Hat
Enterprise Linux 2.1, 3, 4, and 5.

Similar commit as mentioned in comment #4, but in libgd CVS repository:

http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd_png.c?r1=1.22&r2=1.23

Comment 13 Tomas Hoger 2008-02-28 10:50:32 UTC

Updated gd packages addressing this issue were released for Red Hat Enterprise
Linux 4 and 5:

  https://rhn.redhat.com/errata/RHSA-2008-0146.html

Comment 14 Vincent Danen 2015-02-17 15:13:48 UTC

Statement:

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates for libwmf in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Note You need to log in before you can comment on or make changes to this bug.