PublicDateAtUSN: 2011-01-18
Candidate: CVE-2010-4698
PublicDate: 2011-01-18 20:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4698
 https://ubuntu.com/security/notices/USN-1126-1
Description:
 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and
 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of
 service (application crash) via a large number of anti-aliasing steps in an
 argument to the imagepstext function.
Ubuntu-Description:
Notes:
 sbeattie> natty needs regression patch applied (commit 306236)
Bugs:
 http://bugs.php.net/53492
Priority: medium
Discovered-by: Martin Barbella
Assigned-to: sbeattie
CVSS: 

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=306075
 upstream: http://svn.php.net/viewvc?view=revision&revision=306236
upstream_php5: released (5.3.4)
dapper_php5: not-affected
hardy_php5: released (5.2.4-2ubuntu5.15)
karmic_php5: released (5.2.10.dfsg.1-2ubuntu6.9)
lucid_php5: released (5.3.2-1ubuntu4.8)
maverick_php5: released (5.3.3-1ubuntu9.4)
natty_php5: released (5.3.5-1ubuntu7.1)
devel_php5: not-affected (5.3.5-1ubuntu7.2)