Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3658
Last Modified 01 Aug 2013 01:52:18
Published 14 Aug 2008 08:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3658

Summary

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Vulnerable Systems

Application

  • PHP 4.4.0
  • PHP 4.4.1
  • PHP 4.4.2
  • PHP 4.4.3
  • PHP 4.4.4
  • PHP 4.4.5
  • PHP 4.4.6
  • PHP 4.4.7
  • PHP 4.4.8
  • PHP 5.2.0
  • PHP 5.2.1
  • PHP 5.2.2
  • PHP 5.2.3
  • PHP 5.2.4
  • PHP 5.2.5
  • PHP 5.2.6


References

CERT - TA09-133A

FEDORA - FEDORA-2009-3848

FEDORA - FEDORA-2009-3768

XF - php-imageloadfont-dos(44401)

VUPEN - ADV-2009-1297

VUPEN - ADV-2009-0320

VUPEN - ADV-2008-3275

VUPEN - ADV-2008-2336

BID - 30649

BUGTRAQ - 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

HP - SSRT080132

REDHAT - RHSA-2009:0350

CONFIRM - http://www.php.net/archive/2008.php#id2008-08-07-1

MLIST - [oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues

MLIST - [oss-security] 20080808 CVE request: php-5.2.6 overflow issues

MANDRIVA - MDVSA-2009:024

MANDRIVA - MDVSA-2009:023

MANDRIVA - MDVSA-2009:022

MANDRIVA - MDVSA-2009:021

DEBIAN - DSA-1647

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0035

CONFIRM - http://support.apple.com/kb/HT3549

SECUNIA - 35306

SECUNIA - 35074

SECUNIA - 33797

SECUNIA - 32884

SECUNIA - 32316

SECUNIA - 32148

SECUNIA - 31982

OSVDB - 47484

MISC - http://news.php.net/php.cvs/51219

HP - SSRT090192

HP - HPSBUX02401

SUSE - SUSE-SR:2008:021

SUSE - SUSE-SR:2008:018

APPLE - APPLE-SA-2009-05-12

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=234102

GENTOO - GLSA-200811-05

SECUNIA - 32746

HP - HPSBTU02382

HP - HPSBUX02465

HP - SSRT090005

Related Patches

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Red Hat 2009:0338-01 RHSA Moderate: php security update for RHEL 5 x86


Last Updated: 27 May 2016 11:01:21