Lucene search

K
freebsdFreeBSD4E8344A3-CA52-11DE-8EE8-00215C6A37BB
HistoryOct 15, 2009 - 12:00 a.m.

gd -- '_gdGetColors' remote buffer overflow vulnerability

2009-10-1500:00:00
vuxml.freebsd.org
22

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.6%

CVE reports:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and
5.3.0, and the GD Graphics Library 2.x, does not properly
verify a certain colorsTotal structure member, which might
allow remote attackers to conduct buffer overflow or buffer
over-read attacks via a crafted GD file, a different
vulnerability than CVE-2009-3293.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgd< 2.0.35_2,1UNKNOWN
FreeBSDanynoarchphp5-gd< 5.2.11_2UNKNOWN
FreeBSDanynoarchphp4-gd< 4.4.9_4UNKNOWN

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.6%

Related for 4E8344A3-CA52-11DE-8EE8-00215C6A37BB