Signature Detail
Short Name |
HTTP:STC:GD-GRAPHICSLIB-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
GD Graphics Library gdGetColors Buffer Overflow |
Release Date |
2012/11/07 |
Update Number |
2201 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: GD Graphics Library gdGetColors Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the GD Graphics Library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Extended Description
GD Graphics is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- Avaya Aura Application Enablement Services 3.1
- Avaya Aura Application Enablement Services 3.1.6
- Avaya Aura Application Enablement Services 4.0
- Avaya Aura Application Enablement Services 4.2
- Avaya Aura Application Enablement Services 4.2.2
- Avaya Aura Application Enablement Services 5.2
- Avaya Aura SIP Enablement Services 4.0
- Avaya Aura SIP Enablement Services 5.1
- Avaya Aura SIP Enablement Services 5.2
- Avaya Aura SIP Enablement Services 5.2.1
- Avaya Communication Manager 4.0
- Avaya Communication Manager 4.0.3 SP1
- Avaya Communication Manager 5.0
- Avaya Communication Manager 5.0 SP3
- Avaya Communication Manager 5.1
- Avaya Communication Manager 5.1.2
- Avaya Communication Manager 5.2
- Avaya Intuity AUDIX LX 1.0
- Avaya Intuity AUDIX LX 2.0
- Avaya Intuity AUDIX LX 2.0 SP1
- Avaya Intuity AUDIX LX 2.0 SP2
- Avaya Intuity AUDIX LX R1.1
- Avaya Message Networking 3.1
- Avaya Message Networking 5.2
- Avaya Message Networking MN 3.1
- Avaya Message Networking
- Avaya Voice Portal 3.0
- Avaya Voice Portal 4.0
- Avaya Voice Portal 4.1
- Avaya Voice Portal 5.0
- Avaya Voice Portal 5.0 SP1
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Armel
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- GD Graphics Library gdlib 2.0.1
- GD Graphics Library gdlib 2.0.15
- GD Graphics Library gdlib 2.0.20
- GD Graphics Library gdlib 2.0.21
- GD Graphics Library gdlib 2.0.22
- GD Graphics Library gdlib 2.0.23
- GD Graphics Library gdlib 2.0.26
- GD Graphics Library gdlib 2.0.27
- GD Graphics Library gdlib 2.0.28
- GD Graphics Library gdlib 2.0.33
- GD Graphics Library gdlib 2.0.34
- GD Graphics Library gdlib 2.0.35
- Gentoo Linux
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Mandriva Multi Network Firewall 2.0.0
- Pardus Linux 2008
- Pardus Linux 2009
- PHP 3.0.0 0
- PHP 3.0.0 .10
- PHP 3.0.0 .11
- PHP 3.0.0 .12
- PHP 3.0.0 .13
- PHP 3.0.0 .16
- PHP 3.0.1
- PHP 3.0.10
- PHP 3.0.11
- PHP 3.0.12
- PHP 3.0.13
- PHP 3.0.14
- PHP 3.0.15
- PHP 3.0.16
- PHP 3.0.17
- PHP 3.0.18
- PHP 3.0.2
- PHP 3.0.3
- PHP 3.0.4
- PHP 3.0.5
- PHP 3.0.6
- PHP 3.0.7
- PHP 3.0.8
- PHP 3.0.9
- PHP 4.0.0 0
- PHP 4.0.1
- PHP 4.0.1 Pl1
- PHP 4.0.1 Pl2
- PHP 4.0.2
- PHP 4.0.3
- PHP 4.0.3 Pl1
- PHP 4.0.4
- PHP 4.0.5
- PHP 4.0.6
- PHP 4.0.7
- PHP 4.0.7 RC1
- PHP 4.0.7 RC2
- PHP 4.0.7 RC3
- PHP 4.1.0 .0
- PHP 4.1.1
- PHP 4.1.2
- PHP 4.2.0 .0
- PHP 4.2.0 -Dev
- PHP 4.2.1
- PHP 4.2.2
- PHP 4.2.3
- PHP 4.3.0
- PHP 4.3.1
- PHP 4.3.10
- PHP 4.3.11
- PHP 4.3.2
- PHP 4.3.3
- PHP 4.3.4
- PHP 4.3.5
- PHP 4.3.6
- PHP 4.3.7
- PHP 4.3.8
- PHP 4.3.9
- PHP 4.4.0 .0
- PHP 4.4.1
- PHP 4.4.2
- PHP 4.4.3
- PHP 4.4.4
- PHP 4.4.5
- PHP 4.4.6
- PHP 4.4.7
- PHP 4.4.8
- PHP 4.4.9
- PHP 5.0.0 .0
- PHP 5.0.0 Candidate 1
- PHP 5.0.0 Candidate 2
- PHP 5.0.0 Candidate 3
- PHP 5.0.1
- PHP 5.0.2
- PHP 5.0.3
- PHP 5.0.4
- PHP 5.0.5
- PHP 5.1.0
- PHP 5.1.1
- PHP 5.1.2
- PHP 5.1.3
- PHP 5.1.3-RC1
- PHP 5.1.4
- PHP 5.1.5
- PHP 5.1.6
- PHP 5.2
- PHP 5.2.1
- PHP 5.2.10
- PHP 5.2.11
- PHP 5.2.2
- PHP 5.2.3
- PHP 5.2.4
- PHP 5.2.5
- PHP 5.2.6
- PHP 5.2.7
- PHP 5.2.8
- PHP 5.2.9
- PHP 5.2.9-2
- PHP 5.3.0
- PHP 6.0
- Red Hat Desktop 3.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora 11
- Red Hat Fedora 12
- Red Hat Fedora 16
- Red Hat Fedora 17
- SuSE openSUSE 11.0
- SuSE openSUSE 11.1
- SuSE openSUSE 11.2
- SuSE SUSE Linux Enterprise 10
- SuSE SUSE Linux Enterprise 11
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- Ubuntu Ubuntu Linux 8.10 Amd64
- Ubuntu Ubuntu Linux 8.10 I386
- Ubuntu Ubuntu Linux 8.10 Lpia
- Ubuntu Ubuntu Linux 8.10 Powerpc
- Ubuntu Ubuntu Linux 8.10 Sparc
- Ubuntu Ubuntu Linux 9.04 Amd64
- Ubuntu Ubuntu Linux 9.04 I386
- Ubuntu Ubuntu Linux 9.04 Lpia
- Ubuntu Ubuntu Linux 9.04 Powerpc
- Ubuntu Ubuntu Linux 9.04 Sparc
- Ubuntu Ubuntu Linux 9.10 Amd64
- Ubuntu Ubuntu Linux 9.10 I386
- Ubuntu Ubuntu Linux 9.10 Lpia
- Ubuntu Ubuntu Linux 9.10 Powerpc
- Ubuntu Ubuntu Linux 9.10 Sparc
References
- BugTraq: 36712
- CVE: CVE-2009-3546