National Cyber-Alert System

Vulnerability Summary for CVE-2008-5498

Overview

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: FEDORA

Name: FEDORA-2009-3848

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

External Source: FEDORA

Name: FEDORA-2009-3768

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

External Source: XF

Name: php-imagerotate-info-disclosure(47635)

Hyperlink:http://xforce.iss.net/xforce/xfdb/47635

External Source: BID

Name: 33002

Hyperlink:http://www.securityfocus.com/bid/33002

External Source: REDHAT

Name: RHSA-2009:0350

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0350.html

External Source: CONFIRM

Name: http://www.php.net/releases/5_2_9.php

Hyperlink:http://www.php.net/releases/5_2_9.php

External Source: MANDRIVA

Name: MDVSA-2009:023

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

External Source: MANDRIVA

Name: MDVSA-2009:022

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

External Source: MANDRIVA

Name: MDVSA-2009:021

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

External Source: SECTRACK

Name: 1021494

Hyperlink:http://securitytracker.com/id?1021494

External Source: SECUNIA

Name: 35650

Hyperlink:http://secunia.com/advisories/35650

External Source: SECUNIA

Name: 35306

Hyperlink:http://secunia.com/advisories/35306

External Source: SECUNIA

Name: 34642

Hyperlink:http://secunia.com/advisories/34642

External Source: OSVDB

Name: 51031

Hyperlink:http://osvdb.org/51031

External Source: HP

Name: HPSBUX02431

Hyperlink:http://marc.info/?l=bugtraq&m=124654546101607&w=2

External Source: HP

Name: HPSBUX02431

Hyperlink:http://marc.info/?l=bugtraq&m=124654546101607&w=2

External Source: SUSE

Name: SUSE-SR:2009:008

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

External Source: MISC

Name: http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php

Hyperlink:http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php

External Source: MISC

Name: http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php

Hyperlink:http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php

External Source: CONFIRM

Name: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u

Hyperlink:http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u