CVE-2009-3546

Impact: Low
Public Date: 2009-10-12
CWE: CWE-20
Bugzilla: 529213: CVE-2009-3546 gd: insufficient input validation in _gdGetColors()

The MITRE CVE dictionary describes this issue as:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Find out more about CVE-2009-3546 from the MITRE CVE dictionary and NIST NVD.
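The class of check the description refers to, shown as an added example (not code from libgd, PHP or Red Hat): a count read from the file is validated against the fixed palette array size before it is used as a loop bound. The header layout here is a constructed simplification, and `parse_palette`, `read_word` and `struct palette_image` are hypothetical names; 256 matches `gdMaxColors` in gd.h.

```c
#include <stddef.h>
#include <stdint.h>

#define GD_MAX_COLORS 256   /* size of the fixed palette arrays (gdMaxColors in gd.h) */

/* Simplified stand-in for the palette part of an image structure (assumption). */
struct palette_image {
    int colors_total;
    int red[GD_MAX_COLORS];
    int green[GD_MAX_COLORS];
    int blue[GD_MAX_COLORS];
};

/* Read a big-endian 16-bit word, bounds-checked against the input length. */
static int read_word(const uint8_t *buf, size_t len, size_t *off, int *out)
{
    if (*off > len || len - *off < 2)
        return -1;
    *out = (buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    return 0;
}

/* Parse a constructed header: colorsTotal (2 bytes) followed by
 * colorsTotal RGB triples. Returns 0 on success, -1 on rejected input. */
int parse_palette(const uint8_t *buf, size_t len, struct palette_image *im)
{
    size_t off = 0;
    int total;

    if (read_word(buf, len, &off, &total) != 0)
        return -1;
    /* The file-supplied count must fit the fixed arrays before any use. */
    if (total > GD_MAX_COLORS)
        return -1;
    /* The declared count must also be backed by actual input bytes. */
    if (len - off < (size_t)total * 3)
        return -1;

    im->colors_total = total;
    for (int i = 0; i < total; i++) {
        im->red[i]   = buf[off++];
        im->green[i] = buf[off++];
        im->blue[i]  = buf[off++];
    }
    return 0;
}
```

Without the `total > GD_MAX_COLORS` test, any later code that iterates up to `colors_total` would index past the 256-entry arrays, which is the over-read and overflow condition the CVE text names.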

CVSS v2 metrics

Base Score 4.4
Base Metrics AV:L/AC:M/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                          Errata          Release Date
Red Hat Enterprise Linux 4 (gd)   RHSA-2010:0003  2010-01-04
Red Hat Enterprise Linux 5 (php)  RHSA-2010:0040  2010-01-13
Red Hat Enterprise Linux 5 (gd)   RHSA-2010:0003  2010-01-04
Red Hat Enterprise Linux 3 (php)  RHSA-2010:0040  2010-01-13
Red Hat Enterprise Linux 4 (php)  RHSA-2010:0040  2010-01-13

Affected Packages State

Platform                    Package  State
Red Hat Enterprise Linux 6  libwmf   Will not fix
Red Hat Enterprise Linux 6  gd       Will not fix
Red Hat Enterprise Linux 5  libwmf   Will not fix
Red Hat Enterprise Linux 4  libwmf   Will not fix
CVE description copyright © 2017, The MITRE Corporation