Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-5498

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Related bugs and status

CVE-2008-5498 (Candidate) is related to these bugs:

Bug #670887: CVE-2008-5498

Summary				In	Importance	Status
	670887	CVE-2008-5498		php5 (Ubuntu)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://downloads.secur...
MISC: http://downloads.secur...
BID: 33002
SECTRACK: 1021494
OSVDB: 51031
MANDRIVA: MDVSA-2009:021
MANDRIVA: MDVSA-2009:022
MANDRIVA: MDVSA-2009:023
CONFIRM: http://www.php.net/rel...
SUSE: SUSE-SR:2009:008
SECUNIA: 34642
REDHAT: RHSA-2009:0350
FEDORA: FEDORA-2009-3768
FEDORA: FEDORA-2009-3848
SECUNIA: 35306
SECUNIA: 35650
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-09-10-2
SECUNIA: 36701
CONFIRM: http://cvs.php.net/vie...
HP: HPSBUX02431
HP: SSRT090085
HP: HPSBUX02465
HP: SSRT090192
XF: php-imagerotate-info-d...
OVAL: oval:org.mitre.oval:de...