Computer Security
[EN] securityvulns.ru no-pyccku


PHP multiple security vulnerabilities
updated since 28.09.2009
Published:20.10.2009
Source:
SecurityVulns ID:10269
Type:library
Threat Level:
7/10
Description:Certificates spoofing, memory corruptions on images parsing, information leakage.
Affected:PHP : PHP 5.2
 PHP : PHP 5.3
CVE:CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index.")
 CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to "missing sanity checks around exif processing.")
 CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:284 ] gd (20.10.2009)
 documentdavid_(at)_majorsecurity.info, [MajorSecurity Advisory #59]PHP <=5.3 - mysqli_real_escape_string() full path disclosure (28.09.2009)
 documentdavid_(at)_majorsecurity.info, [MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure (28.09.2009)
 documentMANDRIVA, [ MDVSA-2009:248 ] php (28.09.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod