CVE-2009-3546

HIGH

Description

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

References

http://marc.info/?l=oss-security&m=125562113503923&w=2

http://secunia.com/advisories/37069

http://secunia.com/advisories/37080

http://secunia.com/advisories/38055

http://svn.php.net/viewvc?view=revision&revision=289557

http://www.mandriva.com/security/advisories?name=MDVSA-2009:285

http://www.openwall.com/lists/oss-security/2009/11/20/5

http://www.redhat.com/support/errata/RHSA-2010-0003.html

http://www.securityfocus.com/bid/36712

http://www.vupen.com/english/advisories/2009/2929

http://www.vupen.com/english/advisories/2009/2930

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199

Details

Source: MITRE

Published: 2009-10-19

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 109432 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01) | Nessus | Slackware Local Security Checks | critical |
| 86635 | Amazon Linux AMI : libwmf (ALAS-2015-604) | Nessus | Amazon Linux Local Security Checks | high |
| 84782 | FreeBSD : libwmf -- multiple vulnerabilities (ca139c7f-2a8c-11e5-a4a5-002590263bf5) | Nessus | FreeBSD Local Security Checks | critical |
| 67986 | Oracle Linux 3 / 4 / 5 : php (ELSA-2010-0040) | Nessus | Oracle Linux Local Security Checks | high |
| 67980 | Oracle Linux 4 / 5 : gd (ELSA-2010-0003) | Nessus | Oracle Linux Local Security Checks | high |
| 60723 | Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60714 | Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 59800 | Fedora 16 : gd-2.0.35-17.fc16 (2012-9314) | Nessus | Fedora Local Security Checks | high |
| 59799 | Fedora 17 : gd-2.0.35-17.fc17 (2012-9298) | Nessus | Fedora Local Security Checks | high |
| 49829 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6847) | Nessus | SuSE Local Security Checks | high |
| 47186 | Fedora 11 : maniadrive-1.2-17.fc11 / php-5.2.12-1.fc11 (2010-0495) | Nessus | Fedora Local Security Checks | high |
| 46805 | GLSA-201006-16 : GD: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | high |
| 44892 | GLSA-201001-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 44801 | Debian DSA-1936-1 : libgd2 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 44687 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6846) | Nessus | SuSE Local Security Checks | high |
| 44686 | SuSE 11 Security Update : PHP5 (SAT Patch Number 1978) | Nessus | SuSE Local Security Checks | high |
| 44683 | openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993) | Nessus | SuSE Local Security Checks | high |
| 44680 | openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993) | Nessus | SuSE Local Security Checks | high |
| 44678 | openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993) | Nessus | SuSE Local Security Checks | high |
| 43883 | RHEL 3 / 4 / 5 : php (RHSA-2010:0040) | Nessus | Red Hat Local Security Checks | high |
| 43878 | CentOS 3 / 4 / 5 : php (CESA-2010:0040) | Nessus | CentOS Local Security Checks | high |
| 43628 | RHEL 4 / 5 : gd (RHSA-2010:0003) | Nessus | Red Hat Local Security Checks | high |
| 43625 | CentOS 4 / 5 : gd (CESA-2010:0003) | Nessus | CentOS Local Security Checks | high |
| 43043 | Mandriva Linux Security Advisory : php (MDVSA-2009:324) | Nessus | Mandriva Local Security Checks | high |
| 43008 | Fedora 12 : maniadrive-1.2-19.fc12 / php-5.3.1-1.fc12 (2009-12017) | Nessus | Fedora Local Security Checks | high |
| 42428 | FreeBSD : gd -- '_gdGetColors' remote buffer overflow vulnerability (4e8344a3-ca52-11de-8ee8-00215c6a37bb) | Nessus | FreeBSD Local Security Checks | high |
| 42407 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : libgd2 vulnerabilities (USN-854-1) | Nessus | Ubuntu Local Security Checks | high |
| 42199 | Mandriva Linux Security Advisory : php (MDVSA-2009:285) | Nessus | Mandriva Local Security Checks | high |
| 42198 | Mandriva Linux Security Advisory : gd (MDVSA-2009:284-1) | Nessus | Mandriva Local Security Checks | high |