CVE-2008-5498

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
phpphp
𝑥
≤ 5.2.8
phpphp
5.0:rc1
phpphp
5.0:rc2
phpphp
5.0:rc3
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgd2
bullseye
2.3.0-2
fixed
bookworm
2.3.3-9
fixed
sid
2.3.3-12
fixed
trixie
2.3.3-12
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
php5
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://osvdb.org/51031
http://secunia.com/advisories/34642
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://secunia.com/advisories/36701
http://securitytracker.com/id?1021494
http://support.apple.com/kb/HT3865
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.php.net/releases/5_2_9.php
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securityfocus.com/bid/33002
https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://osvdb.org/51031
http://secunia.com/advisories/34642
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://secunia.com/advisories/36701
http://securitytracker.com/id?1021494
http://support.apple.com/kb/HT3865
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.php.net/releases/5_2_9.php
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securityfocus.com/bid/33002
https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html