exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2009-3546

Status Candidate

Overview

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Related Files

Slackware Security Advisory - libwmf Updates
Posted May 3, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2004-0941, CVE-2006-3376, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3477, CVE-2009-3546, CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696, CVE-2016-10167, CVE-2016-10168, CVE-2016-9011, CVE-2016-9317, CVE-2017-6362
MD5 | 1a0ecb3b20f4bb61b24317595e754b22
Gentoo Linux Security Advisory 201006-16
Posted Jun 4, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-16 - The GD library is prone to a buffer overflow vulnerability. Tomas Hoger reported that the _gdGetColors() function in gd_gd.c does not properly verify the colorsTotal struct member, possibly leading to a buffer overflow. Versions less than 2.0.35-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2009-3546
MD5 | aa166679eed6bd3059141e3171677054
Gentoo Linux Security Advisory 201001-3
Posted Jan 5, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leading to the remote execution of arbitrary code. Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5498, CVE-2008-5514, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2008-5814, CVE-2008-5844, CVE-2008-7002, CVE-2009-0754, CVE-2009-1271, CVE-2009-1272, CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546
MD5 | 712336a63c0cc0a0608bdcf2ae90dee2
Mandriva Linux Security Advisory 2009-324
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2008-7068, CVE-2009-1271, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018
MD5 | a89c4f4f4309a00aad6d14aaf7b52bda
Mandriva Linux Security Advisory 2009-284
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-284 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2009-3546
MD5 | 92948b471abb1414d0c11d345fc6efcf
Debian Linux Security Advisory 1936-1
Posted Nov 18, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1936-1 - Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-0455, CVE-2009-3546
MD5 | 5e176fdb2d5cbb68b2e4cc446c56b44a
Ubuntu Security Notice 854-1
Posted Nov 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 854-1 - Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. It was discovered that the GD library did not properly handle incorrect color indexes. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS. It was discovered that the GD library did not properly handle certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 6.06 LTS. It was discovered that the GD library did not properly handle large angle degree values. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service. This issue only affected Ubuntu 6.06 LTS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2009-3293, CVE-2009-3546, CVE-2007-3476
MD5 | cb28084f26cff56c1d9feb4c51ff05c4
Mandriva Linux Security Advisory 2009-285
Posted Oct 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-285 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. Added two upstream patches to address a bypass vulnerability in open_basedir and safe_mode. Additionally on CS4 a regression was found and fixed when using the gd-bundled.so variant from the php-gd package. This update fixes these vulnerabilities.

tags | advisory, remote, overflow, php, vulnerability, bypass
systems | linux, mandriva
advisories | CVE-2009-3546
MD5 | b19794f60b102bc2c1742c3708cc2dd0
Mandriva Linux Security Advisory 2009-284
Posted Oct 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-284 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. This update fixes this vulnerability.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2009-3546
MD5 | 93fdb65b59a6658896a07d37263f459e
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close