[pkg-GD-devel] Bug#552534: libgd2: CVE-2009-3546: possible buffer overflow or buffer over-read attacks via crafted files
Raphael Geissert
geissert at debian.org
Tue Oct 27 06:38:42 UTC 2009
Source: libgd2
Version: 2.0.36~rc1~dfsg-3
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libgd2.
CVE-2009-3546[0]:
| The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
| GD Graphics Library 2.x, does not properly verify a certain
| colorsTotal structure member, which might allow remote attackers to
| conduct buffer overflow or buffer over-read attacks via a crafted GD
| file, a different vulnerability than CVE-2009-3293. NOTE: some of
| these details are obtained from third party information.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
http://security-tracker.debian.org/tracker/CVE-2009-3546
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the pkg-GD-devel
mailing list