[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-3546":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":80,"related":81,"reserved_at":9,"published_at":82,"modified_at":83,"state":84,"summary":85,"references_raw":94,"kevs":158,"epss":159,"epss_history":162,"metrics":413,"affected":418},"CVE-2009-3546","The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78],{"_key":73},"RHSA-2010:0003",{"_key":75},"RHSA-2010:0040",{"_key":77},"DSA-1936-1",{"_key":79},"DEBIAN-CVE-2009-3546",[],[],"2009-10-19T19:27:00.000Z","2024-08-07T06:31:10.567Z","Modified",{"cisa_kev":86,"cisa_ransomware":86,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":84},false,"low",0.04663,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[95,102,108,113,117,123,127,132,138,144,149,153],{"url":96,"sources":97,"tags":99},"http://www.mandriva.com/security/advisories?name=MDVSA-2009:285",[98,92],"cve.org",[100,101],"Vendor Advisory","X Refsource MANDRIVA",{"url":103,"sources":104,"tags":105},"http://secunia.com/advisories/37069",[98,92],[106,107,100],"Third Party Advisory","X Refsource SECUNIA",{"url":109,"sources":110,"tags":111},"http://www.redhat.com/support/errata/RHSA-2010-0003.html",[98,92],[100,112],"X Refsource REDHAT",{"url":114,"sources":115,"tags":116},"http://secunia.com/advisories/37080",[98,92],[106,107,100],{"url":118,"sources":119,"tags":120},"http://www.securityfocus.com/bid/36712",[98,92],[121,122],"VDB Entry","X Refsource BID",{"url":124,"sources":125,"tags":126},"http://secunia.com/advisories/38055",[98,92],[106,107,100],{"url":128,"sources":129,"tags":130},"http://www.vupen.com/english/advisories/2009/2929",[98,92],[121,131,100],"X Refsource VUPEN",{"url":133,"sources":134,"tags":135},"http://marc.info/?l=oss-security&m=125562113503923&w=2",[98,92],[136,137],"Mailing List","X Refsource MLIST",{"url":139,"sources":140,"tags":141},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199",[98,92],[121,142,143],"Signature","X Refsource OVAL",{"url":145,"sources":146,"tags":147},"http://svn.php.net/viewvc?view=revision&revision=289557",[98,92],[148],"X Refsource CONFIRM",{"url":150,"sources":151,"tags":152},"http://www.openwall.com/lists/oss-security/2009/11/20/5",[98,92],[136,137],{"url":154,"sources":155,"tags":156},"http://www.vupen.com/english/advisories/2009/2930",[98,92],[121,131,157,100],"Patch",[],{"date":160,"score":88,"percentile":161},"2026-06-04",0.89501,[163,167,170,173,176,179,182,184,187,190,193,196,199,202,204,207,210,213,216,218,220,223,226,228,230,232,235,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,284,287,290,293,296,298,300,303,306,309,311,315,318,320,323,326,329,331,334,337,339,342,344,347,350,353,355,357,359,361,364,367,369,371,374,376,380,383,386,389,392,395,398,401,404,407,410],{"date":164,"score":165,"percentile":166},"2025-11-04",0.03545,0.87175,{"date":168,"score":165,"percentile":169},"2025-11-05",0.87176,{"date":171,"score":165,"percentile":172},"2025-11-06",0.87173,{"date":174,"score":165,"percentile":175},"2025-11-07",0.8718,{"date":177,"score":165,"percentile":178},"2025-11-08",0.87184,{"date":180,"score":165,"percentile":181},"2025-11-09",0.87178,{"date":183,"score":165,"percentile":169},"2025-11-10",{"date":185,"score":165,"percentile":186},"2025-11-11",0.87182,{"date":188,"score":165,"percentile":189},"2025-11-12",0.87188,{"date":191,"score":165,"percentile":192},"2025-11-13",0.87193,{"date":194,"score":165,"percentile":195},"2025-11-14",0.87195,{"date":197,"score":165,"percentile":198},"2025-11-15",0.8719,{"date":200,"score":165,"percentile":201},"2025-11-16",0.87194,{"date":203,"score":165,"percentile":198},"2025-11-17",{"date":205,"score":165,"percentile":206},"2025-11-18",0.8649,{"date":208,"score":165,"percentile":209},"2025-11-19",0.86491,{"date":211,"score":165,"percentile":212},"2025-11-20",0.86492,{"date":214,"score":165,"percentile":215},"2025-11-21",0.87198,{"date":217,"score":165,"percentile":192},"2025-11-22",{"date":219,"score":165,"percentile":198},"2025-11-23",{"date":221,"score":165,"percentile":222},"2025-11-24",0.87191,{"date":224,"score":165,"percentile":225},"2025-11-25",0.87192,{"date":227,"score":165,"percentile":222},"2025-11-26",{"date":229,"score":165,"percentile":192},"2025-11-27",{"date":231,"score":165,"percentile":186},"2025-11-28",{"date":233,"score":165,"percentile":234},"2025-11-29",0.87256,{"date":236,"score":165,"percentile":234},"2025-11-30",{"date":238,"score":165,"percentile":239},"2025-12-01",0.87319,{"date":241,"score":165,"percentile":242},"2025-12-02",0.8732,{"date":244,"score":165,"percentile":245},"2025-12-03",0.87318,{"date":247,"score":165,"percentile":248},"2025-12-04",0.87251,{"date":250,"score":165,"percentile":251},"2025-12-05",0.87255,{"date":253,"score":165,"percentile":254},"2025-12-06",0.87252,{"date":256,"score":165,"percentile":257},"2025-12-07",0.87247,{"date":259,"score":165,"percentile":260},"2025-12-08",0.87248,{"date":262,"score":165,"percentile":263},"2025-12-09",0.8726,{"date":265,"score":165,"percentile":266},"2025-12-10",0.87277,{"date":268,"score":165,"percentile":269},"2025-12-11",0.87283,{"date":271,"score":165,"percentile":272},"2025-12-12",0.87287,{"date":274,"score":165,"percentile":275},"2025-12-13",0.87286,{"date":277,"score":165,"percentile":278},"2025-12-14",0.8728,{"date":280,"score":165,"percentile":281},"2025-12-15",0.87279,{"date":283,"score":165,"percentile":272},"2025-12-16",{"date":285,"score":165,"percentile":286},"2025-12-17",0.87291,{"date":288,"score":165,"percentile":289},"2025-12-18",0.873,{"date":291,"score":165,"percentile":292},"2025-12-19",0.87301,{"date":294,"score":165,"percentile":295},"2025-12-20",0.87299,{"date":297,"score":165,"percentile":289},"2025-12-21",{"date":299,"score":165,"percentile":295},"2025-12-22",{"date":301,"score":165,"percentile":302},"2025-12-23",0.87302,{"date":304,"score":165,"percentile":305},"2025-12-24",0.87309,{"date":307,"score":165,"percentile":308},"2025-12-25",0.87322,{"date":310,"score":165,"percentile":308},"2025-12-26",{"date":312,"score":313,"percentile":314},"2025-12-27",0.0317,0.86576,{"date":316,"score":165,"percentile":317},"2025-12-28",0.87315,{"date":319,"score":165,"percentile":305},"2025-12-29",{"date":321,"score":165,"percentile":322},"2025-12-30",0.87316,{"date":324,"score":165,"percentile":325},"2025-12-31",0.87329,{"date":327,"score":165,"percentile":328},"2026-01-01",0.87387,{"date":330,"score":165,"percentile":328},"2026-01-02",{"date":332,"score":165,"percentile":333},"2026-01-03",0.87386,{"date":335,"score":165,"percentile":336},"2026-01-04",0.87321,{"date":338,"score":165,"percentile":322},"2026-01-05",{"date":340,"score":165,"percentile":341},"2026-01-06",0.87317,{"date":343,"score":165,"percentile":239},"2026-01-07",{"date":345,"score":165,"percentile":346},"2026-01-08",0.87324,{"date":348,"score":165,"percentile":349},"2026-01-09",0.87323,{"date":351,"score":165,"percentile":352},"2026-01-10",0.87325,{"date":354,"score":165,"percentile":242},"2026-01-11",{"date":356,"score":165,"percentile":245},"2026-01-12",{"date":358,"score":165,"percentile":322},"2026-01-13",{"date":360,"score":165,"percentile":325},"2026-01-14",{"date":362,"score":165,"percentile":363},"2026-01-15",0.87328,{"date":365,"score":165,"percentile":366},"2026-01-16",0.87335,{"date":368,"score":165,"percentile":366},"2026-01-17",{"date":370,"score":165,"percentile":366},"2026-01-18",{"date":372,"score":165,"percentile":373},"2026-01-19",0.87331,{"date":375,"score":165,"percentile":373},"2026-01-20",{"date":377,"score":378,"percentile":379},"2026-01-21",0.04125,0.88309,{"date":381,"score":378,"percentile":382},"2026-01-22",0.88313,{"date":384,"score":378,"percentile":385},"2026-01-23",0.88327,{"date":387,"score":378,"percentile":388},"2026-01-24",0.88334,{"date":390,"score":378,"percentile":391},"2026-01-25",0.8833,{"date":393,"score":378,"percentile":394},"2026-01-26",0.88328,{"date":396,"score":378,"percentile":397},"2026-01-27",0.88329,{"date":399,"score":378,"percentile":400},"2026-01-28",0.88331,{"date":402,"score":378,"percentile":403},"2026-01-29",0.88337,{"date":405,"score":378,"percentile":406},"2026-01-30",0.88341,{"date":408,"score":378,"percentile":409},"2026-01-31",0.88339,{"date":411,"score":378,"percentile":412},"2026-02-01",0.88406,[414],{"source":92,"cvss_v2_0":415,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":9,"vectorString":93,"impactScore":416,"exploitabilityScore":417},10,8.6,[419,448],{"ecosystem":9,"name":420,"vendor":421,"product":422,"cpe_part":423,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":424},"gd graphics library","libgd","gd_graphics_library","a",[425,428,430,432,434,436,438,440,442,444,446],{"version":426,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.33","cpe",{"version":429,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.34",{"version":431,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.34:rc1",{"version":433,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.34:rc2",{"version":435,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.35",{"version":437,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.35:rc1",{"version":439,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.35:rc2",{"version":441,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.35:rc3",{"version":443,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.35:rc4",{"version":445,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.35:rc5",{"version":447,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.36:rc1",{"ecosystem":9,"name":449,"vendor":9,"product":449,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":450},"PHP",[451,453],{"version":452,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.2.11",{"version":454,"is_range":86,"range_type":427,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.3.0"]