FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3658

This CVE name corresponds to:

Entered Topic
2008-12-07 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-3658
Phase Assigned (20080812)

Description

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

References

Source Reference
BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
MISC http://news.php.net/php.cvs/51219
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=234102
CONFIRM http://www.php.net/archive/2008.php#id2008-08-07-1
MLIST [oss-security] 20080808 CVE request: php-5.2.6 overflow issues
MLIST [oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035
CONFIRM http://support.apple.com/kb/HT3549
APPLE APPLE-SA-2009-05-12
DEBIAN DSA-1647
FEDORA FEDORA-2009-3768
FEDORA FEDORA-2009-3848
GENTOO GLSA-200811-05
HP HPSBTU02382
HP SSRT080132
HP HPSBUX02401
HP SSRT090005
HP HPSBUX02465
HP SSRT090192
MANDRIVA MDVSA-2009:021
MANDRIVA MDVSA-2009:022
MANDRIVA MDVSA-2009:023
MANDRIVA MDVSA-2009:024
REDHAT RHSA-2009:0350
SUSE SUSE-SR:2008:018
SUSE SUSE-SR:2008:021
CERT TA09-133A
BID 30649
OSVDB 47484
OVAL oval:org.mitre.oval:def:9724
SECUNIA 35074
SECUNIA 35306
SECUNIA 32746
VUPEN ADV-2008-3275
VUPEN ADV-2009-0320
SECUNIA 32148
SECUNIA 32316
SECUNIA 32884
SECUNIA 31982
SECUNIA 33797
VUPEN ADV-2008-2336
VUPEN ADV-2009-1297
XF php-imageloadfont-dos(44401)