CVE-2008-5498
Published 2008-12-26
Priority: P4 | 33 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.85% (94.5th percentile)
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | — | — |
| php | php | <= 5.2.8 | — |
| php | php | — | — |
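CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |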
Red Hat
php: libgd imagerotate() array index error memory disclosure
vendor_redhat·2008-12-24·CVSS 5.0·MEDIUM
Debian
CVE-2008-5498: libgd2 - Array index error in the imageRotate function in PHP 5.2.8 and earlier allows co...
vendor_debian·2008·CVSS 5.0·MEDIUM
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-8c7c-9pp7-6933: Array index error in the imageRotate function in PHP 5
ghsa_unreviewed·2022-05-14·MEDIUM·CWE-200
No detection rules found.
References
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://osvdb.org/51031
http://secunia.com/advisories/34642
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://secunia.com/advisories/36701
http://securitytracker.com/id?1021494
http://support.apple.com/kb/HT3865
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.php.net/releases/5_2_9.php
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securityfocus.com/bid/33002
https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html