CVE-2009-3293

Publication date 22 September 2009

Last updated 24 July 2024

Description

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libgd2	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Fixed 2.0.33-2ubuntu5.4
php5	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Notes

mdeslaur

php not affected - uses system libgd2 libgd2 in hardy is fixed by patch 0002_cvs20070916.patch

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libgd2	Upstream: http://svn.php.net/viewvc?view=revision&revision=108427 Upstream: http://svn.php.net/viewvc?view=revision&revision=153900 Upstream: http://svn.php.net/viewvc?view=revision&revision=287979
php5	Upstream: http://svn.php.net/viewvc?view=revision&revision=287979

References

Related Ubuntu Security Notices (USN)

USN-854-1
GD library vulnerabilities
5 November 2009