Description
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | libwmf | Will not fix | ||
| Red Hat Enterprise Linux 5 | libwmf | Will not fix | ||
| Red Hat Enterprise Linux 6 | gd | Affected | ||
| Red Hat Enterprise Linux 6 | libwmf | Will not fix | ||
| Red Hat Enterprise Linux 3 | php | Fixed | RHSA-2010:0040 | 13.01.2010 |
| Red Hat Enterprise Linux 4 | gd | Fixed | RHSA-2010:0003 | 04.01.2010 |
| Red Hat Enterprise Linux 4 | php | Fixed | RHSA-2010:0040 | 13.01.2010 |
| Red Hat Enterprise Linux 5 | gd | Fixed | RHSA-2010:0003 | 04.01.2010 |
| Red Hat Enterprise Linux 5 | php | Fixed | RHSA-2010:0040 | 13.01.2010 |
Additional information
Status:
EPSS
4.4 Medium
CVSS2