NVD Vulnerability Detail

CVE-2007-1001

Summary	Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
Summary	Los múltiples desbordamientos de enteros en las funciones (1) createwbmp y (2) readwbmp en el archivo wbmp.c en la biblioteca GD (libgd) en PHP versión 4.0.0 hasta 4.4.6 y versión 5.0.0 hasta 5.2.1 permiten que los atacantes dependiendo del contexto ejecuten código arbitrario por medio de imágenes de Wireless Bitmap (WBMP) con valores de anchura o altura
Publication Date	April 6, 2007, 9:19 a.m.
Registration Date	Jan. 29, 2021, 2:07 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
cpe:2.3:a:php:php:4.0:beta1::::::
cpe:2.3:a:php:php:4.0:beta2::::::
cpe:2.3:a:php:php:4.0:beta3::::::
cpe:2.3:a:php:php:4.0:beta4::::::
cpe:2.3:a:php:php:4.0:rc1::::::
cpe:2.3:a:php:php:4.0:rc2::::::
cpe:2.3:a:php:php:4.0.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.4:patch1::::::
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2::dev:::::
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:4.4.5:::::::*
cpe:2.3:a:php:php:4.4.6:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.0:beta1::::::
cpe:2.3:a:php:php:5.0.0:beta2::::::
cpe:2.3:a:php:php:5.0.0:beta3::::::
cpe:2.3:a:php:php:5.0.0:beta4::::::
cpe:2.3:a:php:php:5.0.0:rc1::::::
cpe:2.3:a:php:php:5.0.0:rc2::::::
cpe:2.3:a:php:php:5.0.0:rc3::::::
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*

Related information, measures and tools

No	URL	refsource
1	http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1	secalert@redhat.com
2	http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup	secalert@redhat.com
3	http://docs.info.apple.com/article.html?artnum=306172	secalert@redhat.com
4	http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html	secalert@redhat.com
5	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	secalert@redhat.com
6	http://rhn.redhat.com/errata/RHSA-2007-0155.html	secalert@redhat.com
7	http://secunia.com/advisories/24814	secalert@redhat.com
8	http://secunia.com/advisories/24909	secalert@redhat.com
9	http://secunia.com/advisories/24924	secalert@redhat.com
10	http://secunia.com/advisories/24945	secalert@redhat.com
11	http://secunia.com/advisories/24965	secalert@redhat.com
12	http://secunia.com/advisories/25056	secalert@redhat.com
13	http://secunia.com/advisories/25151	secalert@redhat.com
14	http://secunia.com/advisories/25445	secalert@redhat.com
15	http://secunia.com/advisories/26235	secalert@redhat.com
16	http://security.gentoo.org/glsa/glsa-200705-19.xml	secalert@redhat.com
17	http://us2.php.net/releases/4_4_7.php	secalert@redhat.com
18	http://us2.php.net/releases/5_2_2.php	secalert@redhat.com
19	http://www.mandriva.com/security/advisories?name=MDKSA-2007:087	secalert@redhat.com
20	http://www.mandriva.com/security/advisories?name=MDKSA-2007:088	secalert@redhat.com
21	http://www.mandriva.com/security/advisories?name=MDKSA-2007:089	secalert@redhat.com
22	http://www.mandriva.com/security/advisories?name=MDKSA-2007:090	secalert@redhat.com
23	http://www.novell.com/linux/security/advisories/2007_32_php.html	secalert@redhat.com
24	http://www.redhat.com/support/errata/RHSA-2007-0153.html	secalert@redhat.com
25	http://www.redhat.com/support/errata/RHSA-2007-0162.html	secalert@redhat.com
26	http://www.securityfocus.com/archive/1/464957/100/0/threaded	secalert@redhat.com
27	http://www.securityfocus.com/archive/1/466166/100/0/threaded	secalert@redhat.com
28	http://www.securityfocus.com/bid/23357	secalert@redhat.com
29	http://www.securityfocus.com/bid/25159	secalert@redhat.com
30	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053	secalert@redhat.com
31	http://www.vupen.com/english/advisories/2007/1269	secalert@redhat.com
32	http://www.vupen.com/english/advisories/2007/2732	secalert@redhat.com
33	https://exchange.xforce.ibmcloud.com/vulnerabilities/33453	secalert@redhat.com
34	https://issues.rpath.com/browse/RPL-1268	secalert@redhat.com
35	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179	secalert@redhat.com
36	http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1	af854a3a-2127-422b-91ae-364da2661108
37	http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup	af854a3a-2127-422b-91ae-364da2661108
38	http://docs.info.apple.com/article.html?artnum=306172	af854a3a-2127-422b-91ae-364da2661108
39	http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html	af854a3a-2127-422b-91ae-364da2661108
40	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
41	http://rhn.redhat.com/errata/RHSA-2007-0155.html	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/24814	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/24909	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/24924	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/24945	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/24965	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/25056	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/25151	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/25445	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/26235	af854a3a-2127-422b-91ae-364da2661108
51	http://security.gentoo.org/glsa/glsa-200705-19.xml	af854a3a-2127-422b-91ae-364da2661108
52	http://us2.php.net/releases/4_4_7.php	af854a3a-2127-422b-91ae-364da2661108
53	http://us2.php.net/releases/5_2_2.php	af854a3a-2127-422b-91ae-364da2661108
54	http://www.mandriva.com/security/advisories?name=MDKSA-2007:087	af854a3a-2127-422b-91ae-364da2661108
55	http://www.mandriva.com/security/advisories?name=MDKSA-2007:088	af854a3a-2127-422b-91ae-364da2661108
56	http://www.mandriva.com/security/advisories?name=MDKSA-2007:089	af854a3a-2127-422b-91ae-364da2661108
57	http://www.mandriva.com/security/advisories?name=MDKSA-2007:090	af854a3a-2127-422b-91ae-364da2661108
58	http://www.novell.com/linux/security/advisories/2007_32_php.html	af854a3a-2127-422b-91ae-364da2661108
59	http://www.redhat.com/support/errata/RHSA-2007-0153.html	af854a3a-2127-422b-91ae-364da2661108
60	http://www.redhat.com/support/errata/RHSA-2007-0162.html	af854a3a-2127-422b-91ae-364da2661108
61	http://www.securityfocus.com/archive/1/464957/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
62	http://www.securityfocus.com/archive/1/466166/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
63	http://www.securityfocus.com/bid/23357	af854a3a-2127-422b-91ae-364da2661108
64	http://www.securityfocus.com/bid/25159	af854a3a-2127-422b-91ae-364da2661108
65	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053	af854a3a-2127-422b-91ae-364da2661108
66	http://www.vupen.com/english/advisories/2007/1269	af854a3a-2127-422b-91ae-364da2661108
67	http://www.vupen.com/english/advisories/2007/2732	af854a3a-2127-422b-91ae-364da2661108
68	https://exchange.xforce.ibmcloud.com/vulnerabilities/33453	af854a3a-2127-422b-91ae-364da2661108
69	https://issues.rpath.com/browse/RPL-1268	af854a3a-2127-422b-91ae-364da2661108
70	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
cpe:2.3:a:php:php:4.0:beta1::::::
cpe:2.3:a:php:php:4.0:beta2::::::
cpe:2.3:a:php:php:4.0:beta3::::::
cpe:2.3:a:php:php:4.0:beta4::::::
cpe:2.3:a:php:php:4.0:rc1::::::
cpe:2.3:a:php:php:4.0:rc2::::::
cpe:2.3:a:php:php:4.0.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.4:patch1::::::
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2::dev:::::
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:4.4.5:::::::*
cpe:2.3:a:php:php:4.4.6:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.0:beta1::::::
cpe:2.3:a:php:php:5.0.0:beta2::::::
cpe:2.3:a:php:php:5.0.0:beta3::::::
cpe:2.3:a:php:php:5.0.0:beta4::::::
cpe:2.3:a:php:php:5.0.0:rc1::::::
cpe:2.3:a:php:php:5.0.0:rc2::::::
cpe:2.3:a:php:php:5.0.0:rc3::::::
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*