PHP 'imageRotate()' Memory Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running PHP and is prone to Memory Information Disclosure vulnerability.

Impact

Successful exploitation could let the attacker read the contents of arbitrary memory locations through a crafted value for an indexed image. Impact Level: Application

Solution

Upgrade to PHP version 5.2.9 or later. For updates refer to http://www.php.net/

Insight

The flaw is due to improper validation of bgd_color or clrBack argument in imageRotate function.

Affected

PHP version 5.x to 5.2.8 on all running platform.

References

http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php
http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php
http://securitytracker.com/alerts/2008/Dec/1021494.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5498

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

12Planet Chat Server one2planet.infolet.InfoServlet XSS
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Tiles Multiple XSS Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities