Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-5498
HistoryDec 26, 2008 - 12:00 a.m.

CVE-2008-5498

2008-12-2600:00:00
ubuntu.com
ubuntu.com
18
php 5.2.8
imagerotate function
array index error
memory locations
indexed image
ubuntu
libgd2

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.015

Percentile

86.9%

Array index error in the imageRotate function in PHP 5.2.8 and earlier
allows context-dependent attackers to read the contents of arbitrary memory
locations via a crafted value of the third argument (aka the bgd_color or
clrBack argument) for an indexed image.

Notes

Author Note
jdstrand php5 on Ubuntu is linked against libgd2, which is not affected

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.015

Percentile

86.9%