CVE-2006-4484
EPSS 6.4%
Description
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
How to fix CVE-2006-4484
To remediate CVE-2006-4484, upgrade the affected package to a fixed version listed below.
- Debian/libgd2—upgrade to 2.0.33-5.1 or later
- Debian/xloadimage—no fix listed
Is CVE-2006-4484 being exploited?
Moderate: EPSS is 6.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/libgd2: from 0, < 2.0.33-5.1
- Debian/xloadimage: from 0