Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3476 to the following vulnerability: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. References: http://www.libgd.org/ReleaseNote020035 http://bugs.libgd.org/?do=details&task_id=87 http://bugs.php.net/bug.php?id=41630
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.16&r2=1.17
Same patch as above, but directly in libgd CVS repo: http://cvs.php.net/viewcvs.cgi/gd/libgd/src/gd_gif_in.c?r1=1.8&r2=1.9
This issue does not affect versions of gd as shipped with Red Hat Enterprise Linux 2.1 and 3, as those versions do not offer GIF image type support.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0146.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2055