Referenced CVEs:
CVE-2007-3996
Description:
=========================================================== Ubuntu Security Notice USN-557-1 December 18, 2007libgd2 vulnerabilityCVE-2007-3996===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libgd2-noxpm 2.0.33-2ubuntu5.3 libgd2-xpm 2.0.33-2ubuntu5.3Ubuntu 6.10: libgd2-noxpm 2.0.33-4ubuntu2.2 libgd2-xpm 2.0.33-4ubuntu2.2Ubuntu 7.04: libgd2-noxpm 2.0.34~rc1-2ubuntu1.2 libgd2-xpm 2.0.34~rc1-2ubuntu1.2Ubuntu 7.10: libgd2-noxpm 2.0.34-1ubuntu1.1 libgd2-xpm 2.0.34-1ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Mattias Bengtsson and Philip Olausson discovered that the GDlibrary did not properly perform bounds checking when creatingimages. An attacker could send specially crafted input toapplications linked against libgd2 and cause a denial of serviceor possibly execute arbitrary code.
More...