Input validation error in PHP - CVE-2009-3293
Published: October 30, 2018 / Updated: June 8, 2025
Vulnerability identifier: #VU110323
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2009-3293
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PHP
PHP
Software vendor:
PHP Group
PHP Group
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
Remediation
Install update from vendor's website.
External links
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
- http://marc.info/?l=bugtraq&m=127680701405735&w=2
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://secunia.com/advisories/36791
- http://secunia.com/advisories/40262
- http://support.apple.com/kb/HT3937
- http://www.osvdb.org/58187
- http://www.php.net/ChangeLog-5.php#5.2.11
- http://www.php.net/releases/5_2_11.php
- http://www.securitytracker.com/id?1022914
- http://www.vupen.com/english/advisories/2009/3184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047