PHP gd extension readwbmp() function integer overflow
Published:		08.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7545
Type:		library
Level:		5/10
Description:		Buffer overflow on WBMP image parsing.

Affected:		PHP : PHP 5.2
CVE:		CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.)

Original document

ifsecure_(at)_gmail.com, PHP <= 5.2.1 wbmp file handling integer overflow (08.04.2007)

Files:		Exploits PHP <= 5.2.1 wbmp file handling integer overflow
Discuss:		Read or add your comments to this news (0 comments)