NVD

CVE-2007-3474 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Current Description

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.

View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 2.6 LOW

Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Evaluator Impact

An integer overflow exists in the "gdImageCreateTrueColor()" function.

Vendor Statements (disclaimer)

Official Statement from Red Hat (02/14/2008)

This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1 or 3 as they did not offer GIF image support. We do not plan to backport a fix for this issue to the gd packages as shipped in Red Hat Enterprise Linux 4 and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz	CVE, MITRE
http://fedoranews.org/updates/FEDORA-2007-205.shtml	CVE, MITRE
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html	CVE, MITRE
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html	CVE, MITRE
http://osvdb.org/37743	CVE, MITRE
http://secunia.com/advisories/25855	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/25860	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26272	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26390	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26415	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26467	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26663	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26766	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/26856	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/30168	CVE, MITRE	Vendor Advisory
http://secunia.com/advisories/42813	CVE, MITRE	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200708-05.xml	CVE, MITRE
http://security.gentoo.org/glsa/glsa-200711-34.xml	CVE, MITRE
http://security.gentoo.org/glsa/glsa-200805-13.xml	CVE, MITRE
http://www.libgd.org/ReleaseNote020035	CVE, MITRE	Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2007:153	CVE, MITRE
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164	CVE, MITRE
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html	CVE, MITRE
http://www.securityfocus.com/archive/1/478796/100/0/threaded	CVE, MITRE
http://www.securityfocus.com/bid/24651	CVE, MITRE
http://www.trustix.org/errata/2007/0024/	CVE, MITRE
http://www.vupen.com/english/advisories/2007/2336	CVE, MITRE	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0022	CVE, MITRE	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=277421	CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/35110	CVE, MITRE
https://issues.rpath.com/browse/RPL-1643	CVE, MITRE

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

CVE Modified by CVE 11/20/2024 7:33:19 PM

Action	Type	New Value
Added	Reference	ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz
Added	Reference	http://fedoranews.org/updates/FEDORA-2007-205.shtml
Added	Reference	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html
Added	Reference	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html
Added	Reference	http://osvdb.org/37743
Added	Reference	http://secunia.com/advisories/25855
Added	Reference	http://secunia.com/advisories/25860
Added	Reference	http://secunia.com/advisories/26272
Added	Reference	http://secunia.com/advisories/26390
Added	Reference	http://secunia.com/advisories/26415
Added	Reference	http://secunia.com/advisories/26467
Added	Reference	http://secunia.com/advisories/26663
Added	Reference	http://secunia.com/advisories/26766
Added	Reference	http://secunia.com/advisories/26856
Added	Reference	http://secunia.com/advisories/30168
Added	Reference	http://secunia.com/advisories/42813
Added	Reference	http://security.gentoo.org/glsa/glsa-200708-05.xml
Added	Reference	http://security.gentoo.org/glsa/glsa-200711-34.xml
Added	Reference	http://security.gentoo.org/glsa/glsa-200805-13.xml
Added	Reference	http://www.libgd.org/ReleaseNote020035
Added	Reference	http://www.mandriva.com/security/advisories?name=MDKSA-2007:153
Added	Reference	http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
Added	Reference	http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html
Added	Reference	http://www.securityfocus.com/archive/1/478796/100/0/threaded
Added	Reference	http://www.securityfocus.com/bid/24651
Added	Reference	http://www.trustix.org/errata/2007/0024/
Added	Reference	http://www.vupen.com/english/advisories/2007/2336
Added	Reference	http://www.vupen.com/english/advisories/2011/0022
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=277421
Added	Reference	https://exchange.xforce.ibmcloud.com/vulnerabilities/35110
Added	Reference	https://issues.rpath.com/browse/RPL-1643

Quick Info

CVE Dictionary Entry:
CVE-2007-3474
NVD Published Date:
06/28/2007
NVD Last Modified:
04/08/2025
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2007-3474 Detail

Current Description

Analysis Description

Metrics

Evaluator Impact

Vendor Statements (disclaimer)

Official Statement from Red Hat (02/14/2008)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:33:19 PM

CVE Modified by MITRE 5/13/2024 9:46:16 PM

CVE Modified by MITRE 10/16/2018 12:49:55 PM

CVE Modified by MITRE 7/28/2017 9:32:18 PM

Initial CVE Analysis 7/01/2007 5:33:00 PM

Quick Info