CVE-2009-3546

2009-10-1920:00:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.018

Percentile

88.2%

JSON

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

libgdgd_graphics_libraryMatch2.0.33

libgdgd_graphics_libraryMatch2.0.34

libgdgd_graphics_libraryMatch2.0.34rc1

libgdgd_graphics_libraryMatch2.0.34rc2

libgdgd_graphics_libraryMatch2.0.35

libgdgd_graphics_libraryMatch2.0.35rc1

libgdgd_graphics_libraryMatch2.0.35rc2

libgdgd_graphics_libraryMatch2.0.35rc3

libgdgd_graphics_libraryMatch2.0.35rc4

libgdgd_graphics_libraryMatch2.0.35rc5

libgdgd_graphics_libraryMatch2.0.36rc1

Node

phpphpMatch5.2.11

phpphpMatch5.3.0

VendorProductVersionCPE
libgdgd_graphics_library2.0.33cpe:2.3:a:libgd:gd_graphics_library:2.0.33:*:*:*:*:*:*:*
libgdgd_graphics_library2.0.34cpe:2.3:a:libgd:gd_graphics_library:2.0.34:*:*:*:*:*:*:*
libgdgd_graphics_library2.0.34cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1:*:*:*:*:*:*
libgdgd_graphics_library2.0.34cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2:*:*:*:*:*:*
libgdgd_graphics_library2.0.35cpe:2.3:a:libgd:gd_graphics_library:2.0.35:*:*:*:*:*:*:*
libgdgd_graphics_library2.0.35cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1:*:*:*:*:*:*
libgdgd_graphics_library2.0.35cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2:*:*:*:*:*:*
libgdgd_graphics_library2.0.35cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3:*:*:*:*:*:*
libgdgd_graphics_library2.0.35cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4:*:*:*:*:*:*
libgdgd_graphics_library2.0.35cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc5:*:*:*:*:*:*

Vendor	Product	Version	CPE
libgd	gd_graphics_library	2.0.33	cpe:2.3:a:libgd:gd_graphics_library:2.0.33:::::::*
libgd	gd_graphics_library	2.0.34	cpe:2.3:a:libgd:gd_graphics_library:2.0.34:::::::*
libgd	gd_graphics_library	2.0.34	cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc1::::::
libgd	gd_graphics_library	2.0.34	cpe:2.3:a:libgd:gd_graphics_library:2.0.34:rc2::::::
libgd	gd_graphics_library	2.0.35	cpe:2.3:a:libgd:gd_graphics_library:2.0.35:::::::*
libgd	gd_graphics_library	2.0.35	cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc1::::::
libgd	gd_graphics_library	2.0.35	cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc2::::::
libgd	gd_graphics_library	2.0.35	cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc3::::::
libgd	gd_graphics_library	2.0.35	cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc4::::::
libgd	gd_graphics_library	2.0.35	cpe:2.3:a:libgd:gd_graphics_library:2.0.35:rc5::::::