=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN427
_____________________________________________________________________

DATE                      : 22/10/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running GD Graphics Library version 2.x,
                                      PHP versions PHP 5.2.11, 5.3.0.

======================================================================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
______________________________________________________________________

CVE-ID   CVE-2009-3546 (under review)
	

Description

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0,
and the GD Graphics Library 2.x, does not properly verify a
certain colorsTotal structure member, which might allow remote
attackers to conduct buffer overflow or buffer over-read attacks
via a crafted GD file, a different vulnerability than CVE-2009-3293.

NOTE: some of these details are obtained from third party information.


References

Note: References are provided for the convenience of the reader to
help distinguish between vulnerabilities. The list is not intended
to be complete.

    * MLIST:[oss-security] 20091015 Re: CVE Request -- PHP 5 - 5.2.11
    * URL:http://marc.info/?l=oss-security&m=125562113503923&w=2
    * CONFIRM:http://svn.php.net/viewvc?view=revision&revision=289557
    * BID:36712
    * URL:http://www.securityfocus.com/bid/36712
    * SECUNIA:37069
    * URL:http://secunia.com/advisories/37069
    * SECUNIA:37080
    * URL:http://secunia.com/advisories/37080
    * VUPEN:ADV-2009-2929
    * URL:http://www.vupen.com/english/advisories/2009/2929
    * VUPEN:ADV-2009-2930
    * URL:http://www.vupen.com/english/advisories/2009/2930

Status Candidate 	
This CVE Identifier has "Candidate" status
and must be reviewed and accepted by the CVE Editorial Board
before it can be updated to official "Entry" status on the
CVE List. It may be modified or even rejected in the future.

Phase   Assigned (20091005)

Votes

Comments

Candidate assigned on 20091005 and proposed on N/A


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================