Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5498: Sensitive Information Exposure in PHP

Severity: 5.0 MEDIUM (NVD)
EPSS: 10.3% (top 6.81%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Dec 26
Latest update: May 14

Description

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: php/php 5.2.8 (+23)
debian: debian/libgd2

🔴 Vulnerability Details (1)

GHSA: GHSA-8c7c-9pp7-6933: Array index error in the imageRotate function in PHP 5 (2022-05-14)

💥 Exploits & PoCs (1)

Exploit-DB: PHP 5.2.8 gd library - 'imageRotate()' Information Leak (2009-01-02)

📋 Vendor Advisories (2)

Red Hat: php: libgd imagerotate() array index error memory disclosure (2008-12-24)
Debian: CVE-2008-5498: libgd2 - Array index error in the imageRotate function in PHP 5.2.8 and earlier allows co... (2008)

💬 Community (1)

Bugzilla: CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure (2008-12-29)