Vulnerability CVE-2008-5498: Information

Description

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2008-5498

Published: Dec. 26, 2008

Modified: Oct. 30, 2018

Error type identifier: CWE-200

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php	Exploit
1021494
33002
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php	Exploit
51031
MDVSA-2009:021
MDVSA-2009:023
MDVSA-2009:022
http://www.php.net/releases/5_2_9.php
SUSE-SR:2009:008
34642
RHSA-2009:0350
FEDORA-2009-3848
35306
FEDORA-2009-3768
SSRT090085
35650
APPLE-SA-2009-09-10-2
http://support.apple.com/kb/HT3865
36701
HPSBUX02465
php-imagerotate-info-disclosure(47635)
oval:org.mitre.oval:def:9667

Affected configurations:
1. Configuration 1
  cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
  End including
  5.2.8
  cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
  cpe:2.3:a:php:php:5:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2008-5498: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1