CVE-2009-3546SUSE CVEsecurity@suse.deSUSE Security TeamSUSE CVE-2009-3546Interim112024-09-28T02:43:14Zcurrent2024-09-28T02:43:14Z2024-09-28T02:43:14Zcve-database/bin/generate-cvrf-cve.pl2020-12-27T01:00:00ZCVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IS7CZRVYA2ZFFIEPWKNUUBFTNN3W5IWY/#IS7CZRVYA2ZFFIEPWKNUUBFTNN3W5IWYE-Mail link for SUSE-SR:2010:005https://www.suse.com/support/security/rating/SUSE Security RatingsSUSE Linux Enterprise Server 11 SP1SUSE Linux Enterprise Server 11 SP2apache2-mod_php5-5.2.14-0.7.24.1apache2-mod_php5-5.2.6-50.24.1php5-5.2.14-0.7.24.1php5-5.2.6-50.24.1php5-bcmath-5.2.14-0.7.24.1php5-bcmath-5.2.6-50.24.1php5-bz2-5.2.14-0.7.24.1php5-bz2-5.2.6-50.24.1php5-calendar-5.2.14-0.7.24.1php5-calendar-5.2.6-50.24.1php5-ctype-5.2.14-0.7.24.1php5-ctype-5.2.6-50.24.1php5-curl-5.2.14-0.7.24.1php5-curl-5.2.6-50.24.1php5-dba-5.2.14-0.7.24.1php5-dba-5.2.6-50.24.1php5-dbase-5.2.14-0.7.24.1php5-dbase-5.2.6-50.24.1php5-dom-5.2.14-0.7.24.1php5-dom-5.2.6-50.24.1php5-exif-5.2.14-0.7.24.1php5-exif-5.2.6-50.24.1php5-fastcgi-5.2.14-0.7.24.1php5-fastcgi-5.2.6-50.24.1php5-ftp-5.2.14-0.7.24.1php5-ftp-5.2.6-50.24.1php5-gd-5.2.14-0.7.24.1php5-gd-5.2.6-50.24.1php5-gettext-5.2.14-0.7.24.1php5-gettext-5.2.6-50.24.1php5-gmp-5.2.14-0.7.24.1php5-gmp-5.2.6-50.24.1php5-hash-5.2.14-0.7.24.1php5-hash-5.2.6-50.24.1php5-iconv-5.2.14-0.7.24.1php5-iconv-5.2.6-50.24.1php5-json-5.2.14-0.7.24.1php5-json-5.2.6-50.24.1php5-ldap-5.2.14-0.7.24.1php5-ldap-5.2.6-50.24.1php5-mbstring-5.2.14-0.7.24.1php5-mbstring-5.2.6-50.24.1php5-mcrypt-5.2.14-0.7.24.1php5-mcrypt-5.2.6-50.24.1php5-mysql-5.2.14-0.7.24.1php5-mysql-5.2.6-50.24.1php5-odbc-5.2.14-0.7.24.1php5-odbc-5.2.6-50.24.1php5-openssl-5.2.14-0.7.24.1php5-openssl-5.2.6-50.24.1php5-pcntl-5.2.14-0.7.24.1php5-pcntl-5.2.6-50.24.1php5-pdo-5.2.14-0.7.24.1php5-pdo-5.2.6-50.24.1php5-pear-5.2.14-0.7.24.1php5-pear-5.2.6-50.24.1php5-pgsql-5.2.14-0.7.24.1php5-pgsql-5.2.6-50.24.1php5-pspell-5.2.14-0.7.24.1php5-pspell-5.2.6-50.24.1php5-shmop-5.2.14-0.7.24.1php5-shmop-5.2.6-50.24.1php5-snmp-5.2.14-0.7.24.1php5-snmp-5.2.6-50.24.1php5-soap-5.2.14-0.7.24.1php5-soap-5.2.6-50.24.1php5-suhosin-5.2.14-0.7.24.1php5-suhosin-5.2.6-50.24.1php5-sysvmsg-5.2.14-0.7.24.1php5-sysvmsg-5.2.6-50.24.1php5-sysvsem-5.2.14-0.7.24.1php5-sysvsem-5.2.6-50.24.1php5-sysvshm-5.2.14-0.7.24.1php5-sysvshm-5.2.6-50.24.1php5-tokenizer-5.2.14-0.7.24.1php5-tokenizer-5.2.6-50.24.1php5-wddx-5.2.14-0.7.24.1php5-wddx-5.2.6-50.24.1php5-xmlreader-5.2.14-0.7.24.1php5-xmlreader-5.2.6-50.24.1php5-xmlrpc-5.2.14-0.7.24.1php5-xmlrpc-5.2.6-50.24.1php5-xmlwriter-5.2.14-0.7.24.1php5-xmlwriter-5.2.6-50.24.1php5-xsl-5.2.14-0.7.24.1php5-xsl-5.2.6-50.24.1php5-zip-5.2.14-0.7.24.1php5-zip-5.2.6-50.24.1php5-zlib-5.2.14-0.7.24.1php5-zlib-5.2.6-50.24.1apache2-mod_php5-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-bcmath-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-bz2-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-calendar-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-ctype-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-curl-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-dba-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-dbase-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-dom-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-exif-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-fastcgi-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-ftp-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-gd-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-gettext-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-gmp-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-hash-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-iconv-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-json-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-ldap-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-mbstring-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-mcrypt-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-mysql-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-odbc-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-openssl-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-pcntl-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-pdo-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-pear-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-pgsql-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-pspell-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-shmop-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-snmp-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-soap-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-suhosin-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-sysvmsg-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-sysvsem-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-sysvshm-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-tokenizer-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-wddx-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-xmlreader-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-xmlrpc-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-xmlwriter-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-xsl-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-zip-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1php5-zlib-5.2.6-50.24.1 as a component of SUSE Linux Enterprise Server 11 SP1apache2-mod_php5-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-bcmath-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-bz2-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-calendar-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-ctype-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-curl-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-dba-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-dbase-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-dom-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-exif-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-fastcgi-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-ftp-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-gd-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-gettext-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-gmp-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-hash-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-iconv-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-json-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-ldap-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-mbstring-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-mcrypt-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-mysql-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-odbc-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-openssl-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-pcntl-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-pdo-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-pear-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-pgsql-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-pspell-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-shmop-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-snmp-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-soap-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-suhosin-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-sysvmsg-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-sysvsem-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-sysvshm-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-tokenizer-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-wddx-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-xmlreader-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-xmlrpc-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-xmlwriter-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-xsl-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-zip-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2php5-zlib-5.2.14-0.7.24.1 as a component of SUSE Linux Enterprise Server 11 SP2The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.CVE-2009-3546SUSE Linux Enterprise Server 11 SP1:apache2-mod_php5-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-bcmath-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-bz2-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-calendar-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-ctype-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-curl-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-dba-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-dbase-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-dom-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-exif-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-fastcgi-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-ftp-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-gd-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-gettext-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-gmp-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-hash-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-iconv-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-json-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-ldap-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-mbstring-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-mcrypt-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-mysql-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-odbc-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-openssl-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-pcntl-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-pdo-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-pear-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-pgsql-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-pspell-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-shmop-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-snmp-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-soap-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-suhosin-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-sysvmsg-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-sysvsem-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-sysvshm-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-tokenizer-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-wddx-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-xmlreader-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-xmlrpc-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-xmlwriter-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-xsl-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-zip-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP1:php5-zlib-5.2.6-50.24.1SUSE Linux Enterprise Server 11 SP2:apache2-mod_php5-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-bcmath-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-bz2-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-calendar-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-ctype-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-curl-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-dba-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-dbase-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-dom-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-exif-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-fastcgi-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-ftp-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-gd-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-gettext-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-gmp-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-hash-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-iconv-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-json-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-ldap-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-mbstring-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-mcrypt-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-mysql-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-odbc-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-openssl-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-pcntl-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-pdo-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-pear-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-pgsql-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-pspell-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-shmop-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-snmp-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-soap-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-suhosin-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-sysvmsg-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-sysvsem-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-sysvshm-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-tokenizer-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-wddx-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-xmlreader-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-xmlrpc-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-xmlwriter-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-xsl-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-zip-5.2.14-0.7.24.1SUSE Linux Enterprise Server 11 SP2:php5-zlib-5.2.14-0.7.24.1critical9.3AV:N/AC:M/Au:N/C:C/I:C/A:C