← back
CVE-2008-5498

CVE-2008-5498

EPSS 8.8%
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/7646unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=uhttp://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.phphttp://downloads.securityfocus.com/vulnerabilities/exploits/33002.phphttp://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.htmlhttp://marc.info/?l=bugtraq&m=124654546101607&w=2http://marc.info/?l=bugtraq&m=125631037611762&w=2http://osvdb.org/51031http://secunia.com/advisories/34642http://secunia.com/advisories/35306http://secunia.com/advisories/35650http://secunia.com/advisories/36701