Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
2007-01-30T17:28:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gd_graphics_library_project | gd_graphics_library | ≤ 2.0.33 | Yes |
| Application | php | php | < 4.4.7 | Yes |
| Operating System | canonical | ubuntu_linux | 6.06 | Yes |
| Operating System | canonical | ubuntu_linux | 6.10 | Yes |
| Operating System | canonical | ubuntu_linux | 7.04 | Yes |
| Operating System | fedoraproject | fedora | 13 | Yes |
| Operating System | fedoraproject | fedora | 14 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 3.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 4.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 3.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 4.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 3.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 4.0 | Yes |