Title: PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability

Severity: MODERATE

Description:

PHP is a programming language commonly used for web applications.

PHP is prone to an information-disclosure vulnerability that occurs in its implementation of the 'imageRotate()' function. Specifically, values used as indexes into color palettes aren't properly validated. This error occurs in the 'ext/gd/libgd/gd.c' source file.

A malicious script may exploit this issue to read from arbitrary memory locations, possibly resulting in the disclosure of sensitive information. Failed exploits will likely cause a program crash, possibly resulting in a denial-of-service condition.

PHP 5.2.8 and prior versions are vulnerable.

Affected Products:

Debian Linux 4.0
Debian Linux 4.0 alpha
Debian Linux 4.0 amd64
Debian Linux 4.0 arm
Debian Linux 4.0 hppa
Debian Linux 4.0 ia-32
Debian Linux 4.0 ia-64
Debian Linux 4.0 m68k
Debian Linux 4.0 mips
Debian Linux 4.0 mipsel
Debian Linux 4.0 powerpc
Debian Linux 4.0 s/390
Debian Linux 4.0 sparc
Linux kernel 2.6.5
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Linux Mandrake 2009.0 x86_64
PHP PHP 5.0.0 .0
PHP PHP 5.0.0 candidate 1
PHP PHP 5.0.0 candidate 2
PHP PHP 5.0.0 candidate 3
PHP PHP 5.0.1
PHP PHP 5.0.2
PHP PHP 5.0.3
PHP PHP 5.0.4
PHP PHP 5.0.5
PHP PHP 5.1.0
PHP PHP 5.1.1
PHP PHP 5.1.2
PHP PHP 5.1.3
PHP PHP 5.1.3-RC1
PHP PHP 5.1.4
PHP PHP 5.1.5
PHP PHP 5.1.6
PHP PHP 5.2
PHP PHP 5.2.1
PHP PHP 5.2.2
PHP PHP 5.2.3
PHP PHP 5.2.4
PHP PHP 5.2.5
PHP PHP 5.2.6
PHP PHP 5.2.7
PHP PHP 5.2.8
Pardus Linux 2008
RedHat Application Stack v2
RedHat Desktop 3.0.0
RedHat Enterprise Linux 5 server
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 4
S.u.S.E. SUSE Linux Enterprise Server 10
S.u.S.E. SUSE Linux Enterprise Server 11
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 11.1
Slackware Linux -current
Slackware Linux 11.0
Slackware Linux 12.0
Slackware Linux 12.1
Slackware Linux 12.2
Trustix Secure Linux 2.2.0
Turbolinux Appliance Server 1.0.0 Hosting Edition
Turbolinux Appliance Server 1.0.0 Workgroup Edition
Turbolinux Appliance Server 2.0
Turbolinux Appliance Server 3.0
Turbolinux Appliance Server 3.0 x64
Turbolinux Appliance Server Hosting Edition 1.0.0
Turbolinux Appliance Server Workgroup Edition 1.0.0
Turbolinux Client 2008
Turbolinux Multimedia
Turbolinux Personal
Turbolinux Turbolinux Server 10.0.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux Server 11
Turbolinux Turbolinux Server 11 x64
Ubuntu Ubuntu Linux 6.06 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 sparc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.

J-Security Center

Title: PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability

Severity: MODERATE

Description:

Affected Products:

References: