FreeBSD Ports: Gd Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/37069 http://secunia.com/advisories/37080 http://www.vuxml.org/freebsd/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html

Insight

The following packages are affected: gd php5-gd php4-gd CVE-2009-3546 The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Severity

Classification

CVE CVE-2009-3546
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeBSD Ports: chromium
FreeBSD Ports: axel
FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
FreeBSD Ports: asterisk14
FreeBSD Ports: chromium

FreeBSD Ports: gd

Take action and discover your vulnerabilities