CVE-2009-3546

2009-10-1920:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-3546

php

gd graphics library

buffer overflow

vulnerability

remote attack

6.8 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.34
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.33
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.35
libgd:gd_graphics_librarylibgd gd graphics libraryeq2.0.36
php:phpphpeq5.2.11
php:phpphpeq5.3.0

CPE	Name	Operator	Version
libgd:gd_graphics_library	libgd gd graphics library	eq	2.0.34
libgd:gd_graphics_library	libgd gd graphics library	eq	2.0.33
libgd:gd_graphics_library	libgd gd graphics library	eq	2.0.35
libgd:gd_graphics_library	libgd gd graphics library	eq	2.0.36
php:php	php	eq	5.2.11
php:php	php	eq	5.3.0