CVE-2008-5498
Published: 26 December 2008
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Notes
Author | Note |
---|---|
jdstrand | php5 on Ubuntu is linked against libgd2, which is not affected |
Priority
Status
Package | Release | Status |
---|---|---|
libgd2 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
upstream |
Needs triage
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not used)
|
gutsy |
Not vulnerable
(code not used)
|
|
hardy |
Not vulnerable
(code not used)
|
|
intrepid |
Not vulnerable
(code not used)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?hideattic=0&r1=1.90.2.1.2.23&r2=1.90.2.1.2.24 |