Input validation error in PHP - CVE-2009-3293
Published: October 30, 2018 / Updated: June 8, 2025
Vulnerability identifier: #VU110323
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2009-3293
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
How to mitigate CVE-2009-3293
Install update from vendor's website.
Sources
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
- http://marc.info/?l=bugtraq&m=127680701405735&w=2
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://secunia.com/advisories/36791
- http://secunia.com/advisories/40262
- http://support.apple.com/kb/HT3937
- http://www.osvdb.org/58187
- http://www.php.net/ChangeLog-5.php#5.2.11
- http://www.php.net/releases/5_2_11.php
- http://www.securitytracker.com/id?1022914
- http://www.vupen.com/english/advisories/2009/3184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7047