FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php5-gd -- uninitialized memory information disclosure vulnerability

Affected packages
php5-gd <= 5.2.8

Details

VuXML ID 58a3c266-db01-11dd-ae30-001cc0377035
Discovery 2008-12-24
Entry 2009-01-05
Modified 2009-02-04

According to CVE-2008-5498 entry:

Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the "bgd_color" or "clrBack" argument) for an indexed image.

[source]

References

Bugtraq ID 33002
CVE Name CVE-2008-5498
URL http://www.securiteam.com/unixfocus/6G00Y0ANFU.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.