CVE-2007-3478

Table of Contents

Impact:
Low
Public Date:
2007-06-21
Bugzilla:
277231: CVE-2007-3478 libgd Certain TTF handling routines are not reentrant

The MITRE CVE dictionary describes this issue as:

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

Find out more about CVE-2007-3478 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

We currently do not plan to backport a fix for this issue to gd packages in current versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5 due to the low likelihood of and application affected by this problem being exposed in a way that would allow trust boundary to be crossed.

Last Modified

CVE description copyright © 2017, The MITRE Corporation