SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-5498

Date: (C)2008-12-26 (M)2024-02-22

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

SECTRACK-1021494

APPLE-SA-2009-09-10-2

FEDORA-2009-3768

FEDORA-2009-3848

SUSE-SR:2009:008

http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u

http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php

http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php

http://support.apple.com/kb/HT3865

http://www.php.net/releases/5_2_9.php

oval:org.mitre.oval:def:9667

php-imagerotate-info-disclosure(47635)

cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:5.0.0:rc2
cpe:/a:php:php:5.0.0:rc1
cpe:/a:php:php:5.1.4
...

oval:org.secpod.oval:def:300742
oval:org.secpod.oval:def:300482
oval:org.secpod.oval:def:202111
oval:org.secpod.oval:def:202156
...

© SecPod Technologies