Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2009-3546

Опубликовано: 19 окт. 2009
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 9.3

Описание

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

РелизСтатусПримечание
dapper

released

2.0.33-2ubuntu5.4
devel

not-affected

2.0.36~rc1~dfsg-3.1ubuntu1
hardy

released

2.0.35.dfsg-3ubuntu2.1
intrepid

released

2.0.36~rc1~dfsg-3ubuntu1.8.10.1
jaunty

released

2.0.36~rc1~dfsg-3ubuntu1.9.04.1
karmic

released

2.0.36~rc1~dfsg-3ubuntu1.9.10.1
upstream

released

2.0.36~rc1~dfsg-3.1

Показывать по

РелизСтатусПримечание
dapper

not-affected

devel

not-affected

hardy

not-affected

intrepid

not-affected

jaunty

not-affected

karmic

not-affected

upstream

released

5.2.11

Показывать по

Ссылки на источники

EPSS

Процентиль: 87%
0.03545
Низкий

9.3 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2009-3546

redhat
около 16 лет назад

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

nvd логотип

CVE-2009-3546

nvd
около 16 лет назад

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

debian логотип

CVE-2009-3546

debian
около 16 лет назад

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...

github логотип

GHSA-w7xp-2c87-fchc

github
больше 3 лет назад

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

oracle-oval логотип

ELSA-2010-0003

oracle-oval
почти 16 лет назад

ELSA-2010-0003: gd security update (MODERATE)

EPSS

Процентиль: 87%
0.03545
Низкий

9.3 Critical

CVSS2