CVE-2009-3546

Published: 19/10/2009 | Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x prior to 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote malicious users to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Vulnerable Product

libgd gd graphics library 2.0.34

libgd gd graphics library 2.0.33

libgd gd graphics library 2.0.35

libgd gd graphics library 2.0.36

php php 5.2.11

php php 5.3.0

Vendor Advisories

Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code (CVE-2009-3546) ...
Synopsis: Moderate: gd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated gd packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description ...
Synopsis: Moderate: php security update. Type/Severity: Security Advisory: Moderate. Topic: Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...
Debian Bug report logs - #408982: CVE-2007-0455: libgd2: "gdImageStringFTEx()" Denial of Service. Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Alex de Oliveira Silva <enerv@hostsk>; Date: Mon, 29 Jan 2007 18:03:07 UTC; Severity: important; Tags: security; Found in versions ...
Debian Bug report logs - #552534: libgd2: CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files. Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Raphael Geissert <geissert@debian.org>; Date: Tue, 27 Oct 2009 10:12:02 UTC; Severity: grave ...
Debian Bug report logs - #601525: plt-scheme embeds a vulnerable version of libgd 2.x. Package: plt-scheme; Maintainer for plt-scheme is David Bremner <bremner@debian.org>; Source for plt-scheme is src:racket (PTS, buildd, popcon); Reported by: Silvio Cesare <silviocesare@gmailcom>; Date: Wed, 27 Oct 2010 02:36:01 UTC ...
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application (CVE-2015-0 ...
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file ...