CVE-2010-4698

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
dapper
not-affected
hardy
Fixed 5.2.4-2ubuntu5.15
released
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.9
released
lucid
Fixed 5.3.2-1ubuntu4.8
released
maverick
Fixed 5.3.3-1ubuntu9.4
released
natty
Fixed 5.3.5-1ubuntu7.1
released
Common Weakness Enumeration
References
http://bugs.php.net/53492
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://seclists.org/fulldisclosure/2010/Dec/180
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/45338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11939
http://bugs.php.net/53492
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://seclists.org/fulldisclosure/2010/Dec/180
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/45338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11939