FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php5-gd -- uninitialized memory information disclosure vulnerability

Affected packages
php5-gd <= 5.2.8

Details

VuXML ID 58a3c266-db01-11dd-ae30-001cc0377035
Discovery 2008-12-24
Entry 2009-01-05
Modified 2009-02-04

According to CVE-2008-5498 entry:

Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the "bgd_color" or "clrBack" argument) for an indexed image.

References

Bugtraq ID 33002
CVE Name CVE-2008-5498
URL http://www.securiteam.com/unixfocus/6G00Y0ANFU.html