CVE-2009-3293

EUVD-2009-3275
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.2.10
phpphp
1.0
phpphp
2.0
phpphp
2.0b10:b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0
phpphp
4.0:beta_4_patch1
phpphp
4.0:beta1
phpphp
4.0:beta2
phpphp
4.0:beta3
phpphp
4.0:beta4
phpphp
4.0:rc1
phpphp
4.0:rc2
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.1:patch1
phpphp
4.0.1:patch2
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.3:patch1
phpphp
4.0.4
phpphp
4.0.4:patch1
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.0.7:rc1
phpphp
4.0.7:rc2
phpphp
4.0.7:rc3
phpphp
4.0.7:rc4
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0:rc1
phpphp
5.0:rc2
phpphp
5.0:rc3
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.2
phpphp
5.2.4
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
dapper
Fixed 2.0.33-2ubuntu5.4
released
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
php5
dapper
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
References
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/36791
http://secunia.com/advisories/40262
http://support.apple.com/kb/HT3937
http://www.osvdb.org/58187
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
http://www.securitytracker.com/id?1022914
http://www.vupen.com/english/advisories/2009/3184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://secunia.com/advisories/36791
http://secunia.com/advisories/40262
http://support.apple.com/kb/HT3937
http://www.osvdb.org/58187
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
http://www.securitytracker.com/id?1022914
http://www.vupen.com/english/advisories/2009/3184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047