Vulnerability Report

CVE-2007-0455

Title: Gd Graphics Library Project Gd Graphics Library RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2007-0455.

CWE Category CWE-120

Published Date Jan 30, 2007

Modified Date Jun 16, 2026

Exploit Status Not Found

Score 7.5 CVSS v2.0

Exploit Probability (EPSS)

11.69%

Vulnerability Summary

CVE-2007-0455: Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

Impacted Vendors

php 1

php_group 1

gd_graphics_library_project 1

Reference Links

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 http://secunia.com/advisories/24053 http://secunia.com/advisories/24107 http://secunia.com/advisories/24143 http://secunia.com/advisories/24151 http://secunia.com/advisories/24924 http://secunia.com/advisories/24945 http://secunia.com/advisories/24965 http://secunia.com/advisories/25575 http://secunia.com/advisories/29157 http://secunia.com/advisories/42813 http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 http://www.redhat.com/support/errata/RHSA-2007-0153.html http://www.redhat.com/support/errata/RHSA-2007-0162.html http://www.redhat.com/support/errata/RHSA-2008-0146.html http://www.securityfocus.com/archive/1/466166/100/0/threaded http://www.securityfocus.com/bid/22289 http://www.trustix.org/errata/2007/0007 http://www.ubuntu.com/usn/usn-473-1 http://www.vupen.com/english/advisories/2007/0400 http://www.vupen.com/english/advisories/2011/0022 https://issues.rpath.com/browse/RPL-1030 https://issues.rpath.com/browse/RPL-1268 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 http://secunia.com/advisories/24053 http://secunia.com/advisories/24107 http://secunia.com/advisories/24143 http://secunia.com/advisories/24151 http://secunia.com/advisories/24924 http://secunia.com/advisories/24945 http://secunia.com/advisories/24965 http://secunia.com/advisories/25575 http://secunia.com/advisories/29157 http://secunia.com/advisories/42813 http://www.mandriva.com/security/advisories?name=MDKSA-2007:035 http://www.mandriva.com/security/advisories?name=MDKSA-2007:036 http://www.mandriva.com/security/advisories?name=MDKSA-2007:038 http://www.mandriva.com/security/advisories?name=MDKSA-2007:109 http://www.redhat.com/support/errata/RHSA-2007-0153.html http://www.redhat.com/support/errata/RHSA-2007-0162.html http://www.redhat.com/support/errata/RHSA-2008-0146.html http://www.securityfocus.com/archive/1/466166/100/0/threaded http://www.securityfocus.com/bid/22289 http://www.trustix.org/errata/2007/0007 http://www.ubuntu.com/usn/usn-473-1 http://www.vupen.com/english/advisories/2007/0400 http://www.vupen.com/english/advisories/2011/0022 https://issues.rpath.com/browse/RPL-1030 https://issues.rpath.com/browse/RPL-1268 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11303

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.5

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2007-0455 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

June 16, 2026 MODIFIED

Vulnerability data updated via NVD.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

January 30, 2007 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.