CVE-2008-5498

PHP < 5.2.8 - Exposure of Sensitive Information via imageRotate Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5498. PoCs published by Hamid Ebadi.

AI-analyzed exploit summary This exploit leverages an information leak vulnerability in PHP's gd library (CVE-2008-5498) by manipulating the `imageRotate()` function's `clrBack` parameter to read arbitrary memory addresses. The PoC demonstrates how to extract memory values by rotating an image and decoding the resulting color data.

Description

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hamid Ebadi · textlocalmultiple
https://www.exploit-db.com/exploits/7646

This exploit leverages an information leak vulnerability in PHP's gd library (CVE-2008-5498) by manipulating the `imageRotate()` function's `clrBack` parameter to read arbitrary memory addresses. The PoC demonstrates how to extract memory values by rotating an image and decoding the resulting color data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Reliable
Target: PHP <= 5.2.8 with gd library
No auth needed
Prerequisites: PHP with gd library enabled · Ability to execute PHP scripts on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (24)

Core 24
Core References
Release Notes x_refsource_confirm
http://www.php.net/releases/5_2_9.php
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021494
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=124654546101607&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51031
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34642
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0350.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3865
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36701
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35306
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35650
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33002

Scores

EPSS 0.0885
EPSS Percentile 94.5%

Details

CWE
CWE-200
Status published
Products (24)
php/php 5
php/php 5.0 rc1 (3 CPE variants)
php/php 5.0.0 (8 CPE variants)
php/php 5.0.1
php/php 5.0.2
php/php 5.0.3
php/php 5.0.4
php/php 5.0.5
php/php 5.1.0
php/php 5.1.1
... and 14 more
Published Dec 26, 2008
Tracked Since Feb 18, 2026