exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2009-3546

Status Candidate

Overview

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Related Files

Slackware Security Advisory - libwmf Updates
Posted May 3, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2004-0941, CVE-2006-3376, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3477, CVE-2009-3546, CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696, CVE-2016-10167, CVE-2016-10168, CVE-2016-9011, CVE-2016-9317, CVE-2017-6362
SHA-256 | e36e4f72eb165ba8766f63e12181c95dca942d5b1f2756db4eedb949f09b3bc5
Gentoo Linux Security Advisory 201006-16
Posted Jun 4, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-16 - The GD library is prone to a buffer overflow vulnerability. Tomas Hoger reported that the _gdGetColors() function in gd_gd.c does not properly verify the colorsTotal struct member, possibly leading to a buffer overflow. Versions less than 2.0.35-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2009-3546
SHA-256 | f15e70e876491f7bf8e23cee721cf1c166d52c93737ac4c893872594c0c94ea4
Gentoo Linux Security Advisory 201001-3
Posted Jan 5, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-3 - Multiple vulnerabilities were found in PHP, the worst of which leading to the remote execution of arbitrary code. Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Versions less than 5.2.12 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5498, CVE-2008-5514, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658, CVE-2008-5814, CVE-2008-5844, CVE-2008-7002, CVE-2009-0754, CVE-2009-1271, CVE-2009-1272, CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546
SHA-256 | aff1f9bdb3800d54675a65671b47a6ba413ece16b6ab47e89279c16cfaa490a7
Mandriva Linux Security Advisory 2009-324
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2008-7068, CVE-2009-1271, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018
SHA-256 | e3afdb1902dc3655ca41902b102924f73c6a2af7992eeefb617e4d6c17506ffa
Mandriva Linux Security Advisory 2009-284
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-284 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2009-3546
SHA-256 | 0a48dbd281971083e993ee1e6b472c50470d32531cdb5316e8c021fa146ae813
Debian Linux Security Advisory 1936-1
Posted Nov 18, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1936-1 - Several vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-0455, CVE-2009-3546
SHA-256 | 66708303038192047a61eddb05e535eccc4f5020eceeb60349b6a70ac5c0494e
Ubuntu Security Notice 854-1
Posted Nov 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 854-1 - Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. It was discovered that the GD library did not properly handle incorrect color indexes. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS. It was discovered that the GD library did not properly handle certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 6.06 LTS. It was discovered that the GD library did not properly handle large angle degree values. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service. This issue only affected Ubuntu 6.06 LTS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2009-3293, CVE-2009-3546, CVE-2007-3476
SHA-256 | b73b36b887d79ca9e33bd11f21234253e6b1365bba9dccdfd6ef80ad069bb5e6
Mandriva Linux Security Advisory 2009-285
Posted Oct 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-285 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. Added two upstream patches to address a bypass vulnerability in open_basedir and safe_mode. Additionally on CS4 a regression was found and fixed when using the gd-bundled.so variant from the php-gd package. This update fixes these vulnerabilities.

tags | advisory, remote, overflow, php, vulnerability, bypass
systems | linux, mandriva
advisories | CVE-2009-3546
SHA-256 | 0f9fafc0e066c87e3931727d57f745abeda0ec109f761ad0f41e73a0b3468629
Mandriva Linux Security Advisory 2009-284
Posted Oct 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-284 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. This update fixes this vulnerability.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2009-3546
SHA-256 | f7c936c3bb43f90da77951b9c5818106b16b74bd40b7a9c8f4b3c300eb92ea6d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close