Vulnerability Name:

CVE-2008-3658 (CCN-44401)

Assigned:2008-08-07
Published:2008-08-07
Updated:2018-10-11
Summary:Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Gentoo Bugzilla Bug 234102
dev-lang/php < 5.2.6-r6: arbitrary code execution, DoS, safe_mode bypass (CVE-2008-{3658,3659,3660})

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=234102

Source: MITRE
Type: CNA
CVE-2008-3658

Source: CCN
Type: HP Security Bulletin HPSBTU02382 SSRT080132 rev.1
HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX running PHP, Remote Denial of Service (DoS) or Arbitrary Code Execution

Source: CCN
Type: HP Security Bulletin HPSBUX02401 SSRT090005 rev.1
HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-05-12

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:018

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:021

Source: HP
Type: UNKNOWN
HPSBUX02401

Source: HP
Type: UNKNOWN
HPSBUX02465

Source: MISC
Type: Exploit
http://news.php.net/php.cvs/51219

Source: OSVDB
Type: UNKNOWN
47484

Source: CCN
Type: RHSA-2009-0337
Moderate: php security update

Source: CCN
Type: RHSA-2009-0338
Moderate: php security update

Source: CCN
Type: RHSA-2009-0350
Moderate: php security update

Source: CCN
Type: SA31409
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31982

Source: SECUNIA
Type: UNKNOWN
32148

Source: SECUNIA
Type: UNKNOWN
32316

Source: SECUNIA
Type: UNKNOWN
32746

Source: CCN
Type: SA32884
HP Secure Web Server/Internet Express for Tru64 UNIX PHP Vulnerability

Source: SECUNIA
Type: UNKNOWN
32884

Source: SECUNIA
Type: UNKNOWN
33797

Source: CCN
Type: SA35074
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35074

Source: SECUNIA
Type: UNKNOWN
35306

Source: GENTOO
Type: UNKNOWN
GLSA-200811-05

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-002 / Mac OS X v10.5.7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3549

Source: CCN
Type: ASA-2009-061
HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server SuiteRemote Denial of Service (DoS) Cross-site Scripting (XSS) Execution of Arbitrary Code Cross-Site Request Forgery (CSRF)

Source: CCN
Type: ASA-2009-161
php security update (RHSA-2009-0337)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0035

Source: DEBIAN
Type: UNKNOWN
DSA-1647

Source: DEBIAN
Type: DSA-1647
php5 -- several vulnerabilities

Source: CCN
Type: GLSA-200811-05
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:021

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:022

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:023

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:024

Source: MLIST
Type: UNKNOWN
[oss-security] 20080808 CVE request: php-5.2.6 overflow issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues

Source: CCN
Type: OSVDB ID: 47484
PHP imageloadfont Malformed Font Handling DoS

Source: CCN
Type: PHP News Archive
PHP 4.4.9 released!

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/archive/2008.php#id2008-08-07-1

Source: CCN
Type: PHP 4 ChangeLog
Version 4.4.9

Source: CCN
Type: PHP Web site
PHP 4.4.9

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0350

Source: HP
Type: UNKNOWN
SSRT080132

Source: BUGTRAQ
Type: UNKNOWN
20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

Source: BID
Type: UNKNOWN
30649

Source: CCN
Type: BID-30649
PHP Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: TLSA-2009-2
Multiple vulnerabilities exist in php

Source: CCN
Type: USN-720-1
PHP vulnerabilities

Source: CERT
Type: US Government Resource
TA09-133A

Source: VUPEN
Type: UNKNOWN
ADV-2008-2336

Source: VUPEN
Type: UNKNOWN
ADV-2008-3275

Source: VUPEN
Type: UNKNOWN
ADV-2009-0320

Source: VUPEN
Type: UNKNOWN
ADV-2009-1297

Source: XF
Type: UNKNOWN
php-imageloadfont-bo(44401)

Source: XF
Type: UNKNOWN
php-imageloadfont-dos(44401)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9724

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-3768

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-3848

Source: SUSE
Type: SUSE-SR:2008:018
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2008:021
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20083658
    V
    		CVE-2008-3658
    2017-09-27
    oval:org.mitre.oval:def:29345
    P
    		RHSA-2009:0338 -- php security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:13729
    P
    		USN-720-1 -- php5 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20236
    P
    		DSA-1647-1 php5 - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8084
    P
    		DSA-1647 php5 -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:22732
    P
    		ELSA-2009:0338: php security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:9724
    V
    		Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
    2013-04-29
    oval:com.redhat.rhsa:def:20090337
    P
    		RHSA-2009:0337: php security update (Moderate)
    2009-04-06
    oval:com.redhat.rhsa:def:20090338
    P
    		RHSA-2009:0338: php security update (Moderate)
    2009-04-06
    oval:org.debian:def:1647
    V
    		several vulnerabilities
    2008-10-07
    BACK
    php php 4.4.0
    php php 4.4.1
    php php 4.4.2
    php php 4.4.3
    php php 4.4.4
    php php 4.4.5
    php php 4.4.6
    php php 4.4.7
    php php 4.4.8
    php php 5.2.0
    php php 5.2.1
    php php 5.2.2
    php php 5.2.3
    php php 5.2.4
    php php 5.2.5
    php php 5.2.6
    php php 4.4.0
    php php 4.4.2
    php php 4.4.3
    php php 5.2.0
    php php 5.2.1
    php php 4.4.6
    php php 4.4.5
    php php 4.4.7
    php php 5.2.3
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.5.1
    apple mac os x server 10.5.1
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    php php 4.4.1
    php php 4.4.4
    php php 5.2.2
    php php 5.2.4
    php php 5.2.5
    php php 5.2.6
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    php php 4.4.8
    apple mac os x 10.5.4
    apple mac os x server 10.5.4
    apple mac os x 10.5.5
    apple mac os x server 10.5.5
    apple mac os x 10.5.6
    apple mac os x server 10.5.6
    gentoo linux *
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    hp hp-ux b.11.23
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux multimedia *
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    hp hp-ux b.11.31
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    redhat rhel application stack 2
    hp secure web server for tru64 6.3.0
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -