CVE-2008-3658

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

🔗 References (80)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=234102
• cve@mitrehttp://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
• cve@mitrehttp://marc.info/?l=bugtraq&m=123376588623823&w=2
• cve@mitrehttp://marc.info/?l=bugtraq&m=125631037611762&w=2
• cve@mitrehttp://news.php.net/php.cvs/51219
• cve@mitrehttp://osvdb.org/47484
• cve@mitrehttp://secunia.com/advisories/31982
• cve@mitrehttp://secunia.com/advisories/32148
• cve@mitrehttp://secunia.com/advisories/32316
• cve@mitrehttp://secunia.com/advisories/32746
• cve@mitrehttp://secunia.com/advisories/32884
• cve@mitrehttp://secunia.com/advisories/33797
• cve@mitrehttp://secunia.com/advisories/35074