CVE-2009-3546
Published: 19 October 2009
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
Notes
| Author | Note |
|---|---|
| mdeslaur | PoC in php commit php not affected - uses system libgd2 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.2.11)
|
| dapper |
Not vulnerable
|
|
| hardy |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
|
Patches: upstream: http://svn.php.net/viewvc?view=revision&revision=289557 |
||
|
libgd2 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.0.36~rc1~dfsg-3.1)
|
| dapper |
Released
(2.0.33-2ubuntu5.4)
|
|
| hardy |
Released
(2.0.35.dfsg-3ubuntu2.1)
|
|
| intrepid |
Released
(2.0.36~rc1~dfsg-3ubuntu1.8.10.1)
|
|
| jaunty |
Released
(2.0.36~rc1~dfsg-3ubuntu1.9.04.1)
|
|
| karmic |
Released
(2.0.36~rc1~dfsg-3ubuntu1.9.10.1)
|
|
|
Patches: upstream: http://svn.php.net/viewvc?view=revision&revision=289557 (fix) |
||