#VU110415 Input validation error in PHP - CVE-2007-1001


Updated: 2025-06-13

Vulnerability identifier: #VU110415

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-1001

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.
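The following is an added example, not code from PHP or libgd: it shows the kind of dimension check that prevents the allocation-size overflow described above, by validating WBMP header width and height before they are multiplied into a buffer size. All function names are hypothetical, and a 4-byte `int` is assumed for the unchecked comparison.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper names; not taken from libgd's wbmp.c. */

/* 1 if a * b cannot be represented as a positive int, else 0. */
static int mul_overflows_int(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;
    return a > INT_MAX / b;
}

/* Stores sizeof(int) * width * height in *bytes and returns 1 only when
 * every intermediate product fits in an int; returns 0 otherwise. */
int wbmp_alloc_size(int width, int height, size_t *bytes)
{
    if (mul_overflows_int((int)sizeof(int), width))
        return 0;
    if (mul_overflows_int((int)sizeof(int) * width, height))
        return 0;
    *bytes = sizeof(int) * (size_t)width * (size_t)height;
    return 1;
}

/* The same size computed without a check in 32-bit arithmetic
 * (assumes 4-byte int); kept only to show the silent wrap-around. */
uint32_t wbmp_alloc_size_unchecked32(uint32_t width, uint32_t height)
{
    return (uint32_t)(4u * width * height);
}

/* Allocate the pixel buffer only after the dimensions pass the check. */
int *wbmp_alloc_bitmap(int width, int height)
{
    size_t bytes;
    if (!wbmp_alloc_size(width, height, &bytes))
        return NULL;            /* reject the image instead of under-allocating */
    return calloc(1, bytes);
}
```

The unchecked form yields a size far smaller than the pixel loop that follows will write, which is why the check has to run before the allocation rather than after it.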

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

PHP: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.4, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.2, 5.2.1


External links
https://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1
https://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup
https://docs.info.apple.com/article.html?artnum=306172
https://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html
https://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
https://rhn.redhat.com/errata/RHSA-2007-0155.html
https://secunia.com/advisories/24814
https://secunia.com/advisories/24909
https://secunia.com/advisories/24924
https://secunia.com/advisories/24945
https://secunia.com/advisories/24965
https://secunia.com/advisories/25056
https://secunia.com/advisories/25151
https://secunia.com/advisories/25445
https://secunia.com/advisories/26235
https://security.gentoo.org/glsa/glsa-200705-19.xml
https://us2.php.net/releases/4_4_7.php
https://us2.php.net/releases/5_2_2.php
https://www.mandriva.com/security/advisories?name=MDKSA-2007:087
https://www.mandriva.com/security/advisories?name=MDKSA-2007:088
https://www.mandriva.com/security/advisories?name=MDKSA-2007:089
https://www.mandriva.com/security/advisories?name=MDKSA-2007:090
https://www.novell.com/linux/security/advisories/2007_32_php.html
https://www.redhat.com/support/errata/RHSA-2007-0153.html
https://www.redhat.com/support/errata/RHSA-2007-0162.html
https://www.securityfocus.com/archive/1/464957/100/0/threaded
https://www.securityfocus.com/archive/1/466166/100/0/threaded
https://www.securityfocus.com/bid/23357
https://www.securityfocus.com/bid/25159
https://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053
https://www.vupen.com/english/advisories/2007/1269
https://www.vupen.com/english/advisories/2007/2732
https://exchange.xforce.ibmcloud.com/vulnerabilities/33453
https://issues.rpath.com/browse/RPL-1268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

