CVE-2009-3546 — Improper Input Validation in GD Graphics Library

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

9.3CRITICALNVD

OSV7.5

EPSS

4.7%

top 10.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Racket Debian Libgd2 Debian Libwmf +3 more

Timeline

PublishedOct 19

Latest updateMay 2

Description

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

▶NVDlibgd/gd_graphics_library4 versions+3

▶debiandebian/libgd2< libgd2 2.0.36~rc1~dfsg-3.1 (bookworm)

▶debiandebian/libwmf< libgd2 2.0.36~rc1~dfsg-3.1 (bookworm)

▶debiandebian/racket< libgd2 2.0.36~rc1~dfsg-3.1 (bookworm)

▶Debianracket/racket< 5.0.2-1+3

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-w7xp-2c87-fchc: The _gdGetColors function in gd_gd↗2022-05-02

▶

OSV

CVE-2009-3546: The _gdGetColors function in gd_gd↗2009-10-19

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2009-11-05

▶

Red Hat

gd: insufficient input validation in _gdGetColors()↗2009-10-12

▶

Debian

CVE-2009-3546: libgd2 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and t...↗2009

▶

💬Community

Bugzilla

CVE-2009-3546 gd: insufficient input validation in _gdGetColors() [fedora-all]↗2012-06-11

▶

Bugzilla

Embeds vulnerable version of gd prone to many CVEs↗2010-12-05

▶

Bugzilla

CVE-2009-3546 gd: insufficient input validation in _gdGetColors()↗2009-10-15

▶