CVE

Id
40981  
CVE No.
CVE-2009-3546  
Status
Candidate  
Description
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.  
Phase
Assigned (20091005)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
448609 40981 CVE-2009-3546 MLIST:[oss-security] 20091015 Re: CVE Request -- PHP 5 - 5.2.11  View
448610 40981 CVE-2009-3546 URL:http://marc.info/?l=oss-security&m=125562113503923&w=2  View
448611 40981 CVE-2009-3546 MLIST:[oss-security] 20091120 Re: CVE request: php 5.3.1 update  View
448612 40981 CVE-2009-3546 URL:http://www.openwall.com/lists/oss-security/2009/11/20/5  View
448613 40981 CVE-2009-3546 CONFIRM:http://svn.php.net/viewvc?view=revision&revision=289557  View
448614 40981 CVE-2009-3546 MANDRIVA:MDVSA-2009:285  View
448615 40981 CVE-2009-3546 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:285  View
448616 40981 CVE-2009-3546 REDHAT:RHSA-2010:0003  View
448617 40981 CVE-2009-3546 URL:http://www.redhat.com/support/errata/RHSA-2010-0003.html  View
448618 40981 CVE-2009-3546 BID:36712  View
448619 40981 CVE-2009-3546 URL:http://www.securityfocus.com/bid/36712  View
448620 40981 CVE-2009-3546 OVAL:oval:org.mitre.oval:def:11199  View
448621 40981 CVE-2009-3546 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11199  View
448622 40981 CVE-2009-3546 SECUNIA:37069  View
448623 40981 CVE-2009-3546 URL:http://secunia.com/advisories/37069  View
448624 40981 CVE-2009-3546 SECUNIA:37080  View
448625 40981 CVE-2009-3546 URL:http://secunia.com/advisories/37080  View
448626 40981 CVE-2009-3546 SECUNIA:38055  View
448627 40981 CVE-2009-3546 URL:http://secunia.com/advisories/38055  View
448628 40981 CVE-2009-3546 VUPEN:ADV-2009-2929  View
448629 40981 CVE-2009-3546 URL:http://www.vupen.com/english/advisories/2009/2929  View
448630 40981 CVE-2009-3546 VUPEN:ADV-2009-2930  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
41531 JVNDB-2009-002538 Wireshark の DCERPC/NT 解析部におけるサービス運用妨害 (DoS) の脆弱性 Wireshark の DCERPC/NT 解析部には、パケットの処理に関して不備があるため、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。 CVE-2009-3550 40981 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002538.html  View