gd had been reported vulnerable to several
vulnerabilities:
- CVE-2007-3472: Integer overflow in gdImageCreateTrueColor
function in the GD Graphics Library (libgd) before 2.0.35
allows user-assisted remote attackers has unspecified attack
vectors and impact.
- CVE-2007-3473: The gdImageCreateXbm function in the GD
Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via
unspecified vectors involving a gdImageCreate failure.
- CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF
reader in the GD Graphics Library (libgd) before 2.0.35 allow
user-assisted remote attackers to have unspecified attack vectors
and impact.
- CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35
allows user-assisted remote attackers to cause a denial of service
(crash) via a GIF image that has no global color map.
- CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to cause a denial of service (crash and heap corruption) via large
color index values in crafted image data, which results in a
segmentation fault.
- CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions
in GD Graphics Library (libgd) before 2.0.35 allows attackers to
cause a denial of service (CPU consumption) via a large (1) start or
(2) end angle degree value.
- CVE-2007-3478: Race condition in gdImageStringFTEx
(gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a
denial of service (crash) via unspecified vectors, possibly
involving truetype font (TTF) support.