Code-Authors Welcome Guest | Login or Register

TITLE:
GD Graphics Library Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA25855

VERIFY ADVISORY:
http://secunia.com/advisories/25855/

CRITICAL:
Moderately critical

IMPACT:
Unknown, DoS

WHERE:
From remote

SOFTWARE:
GD Graphics Library 2.x
http://secunia.com/product/4178/

DESCRIPTION:
Some vulnerabilities have been reported in the GD Graphics Library,
where some have unknown impact and others can potentially be exploited
to cause a DoS.

1) An integer overflow exists in the “gdImageCreateTrueColor()”
function.

2) An error in the “gdImageCreateXbm()” function can potentially be
exploited to cause a crash.

Various issues in the GIF reader have also been reported as security
related.

SOLUTION:
Update to version 2.0.35.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.libgd.org/ReleaseNote020035

TITLE:
PHP “array_user_key_compare()” Double DTOR Vulnerability

SECUNIA ADVISORY ID:
SA24542

VERIFY ADVISORY:
http://secunia.com/advisories/24542/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
PHP 5.2.x
http://secunia.com/product/13446/
PHP 4.4.x
http://secunia.com/product/5768/

DESCRIPTION:
Stefan Esser has reported a vulnerability in PHP, which can be exploited
by malicious users to gain escalated privileges.

The vulnerability is caused due to an error in the
“array_user_key_compare()” function where key references are incorrectly
destroyed. This can be exploited to cause memory corruption and allow
execution of arbitrary code, which can lead to security restrictions,
such as the “disable_functions” directive, being bypassed.

The vulnerability is reported in version 4.4.6 and confirmed in version
5.2.1. Other versions may also be affected.

SOLUTION:
Grant only trusted users permissions to execute PHP code.

PROVIDED AND/OR DISCOVERED BY:
Stefan Esser

ORIGINAL ADVISORY: http://www.php-security.org/MOPB/MOPB-24-2007.html