5

CVE-2008-5498

Exploit
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.2.8
PhpPhp Version5
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
PhpPhp Version5.0.0
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
PhpPhp Version5.2.5
PhpPhp Version5.2.6
PhpPhp Version5.2.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.85% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://secunia.com/advisories/35650
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/34642
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://secunia.com/advisories/35306
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
Exploit
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
Exploit
http://osvdb.org/51031
http://securitytracker.com/id?1021494
http://www.php.net/releases/5_2_9.php
http://www.securityfocus.com/bid/33002
https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667