CVE-2009-3293

Published: 22/09/2009 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in the imagecolortransparent function in PHP prior to 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

Vulnerable Product

php php 4.3.6

php php 4.3.5

php php 4.2.0

php php 4.4.5

php php 5.0.0

php php 4.3.7

php php 4.4.4

php php 5.1.0

php php 5.0.5

php php 5.0.2

php php 5.0.1

php php 4.2

php php 4.4.9

php php 3.0.1

php php 3.0

php php 3.0.17

php php 3.0.16

php php 3.0.5

php php 3.0.6

php php 4.0

php php 4.0.6

php php 4.0.1

php php 4.1.2

php php 4.0.7

php php 5.2.7

php php 5.2.6

php php 4.3.10

php php 4.3.1

php php 4.1.0

php php 4.2.1

php php 4.4.6

php php 4.4.7

php php 4.3.8

php php 4.3.9

php php 5.0.4

php php 5.0.3

php php 5

php php 4

php php 3.0.2

php php 3.0.18

php php 4.0.5

php php 4.0.4

php php 4.1.1

php php 5.1.1

php php 5.1.2

php php 5.1.3

php php 5.2.4

php php 5.2.2

php php 4.3.2

php php 4.3.11

php php 4.2.3

php php 5.0

php php 4.4.0

php php 4.4.1

php php 1.0

php php 2.0b10

php php 3.0.11

php php 3.0.4

php php 3.0.3

php php 3.0.9

php php 4.0.0

php php 4.0.3

php php 5.1.4

php php 5.1.5

php php 5.2.0

php php 5.2.9

php php 4.3.4

php php 4.3.3

php php 4.2.2

php php 4.3.0

php php 4.4.2

php php 4.4.3

php php 2.0

php php 4.4.8

php php 3.0.10

php php 3.0.13

php php 3.0.12

php php 3.0.15

php php 3.0.14

php php 3.0.7

php php 3.0.8

php php 4.0.2

php php 5.1.6

php php 5.2.8

php php

Vendor Advisories

Debian Bug report logs - #552534 libgd2: CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files. Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Raphael Geissert <geissert@debian.org>; Date: Tue, 27 Oct 2009 10:12:02 UTC; Severity: grave ...
Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code (CVE-2009-3546) ...