Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.5.0 |
||
php php 5.5.1 |
||
php php 5.5.5 |
||
php php 5.5.7 |
||
php php 5.5.6 |
||
php php 5.5.3 |
||
php php 5.5.8 |
||
php php 5.5.4 |
||
php php 5.5.2 |
Simple solution to remote code execution
Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows. The flaws were detailed this week by Swiss researchers High-Tech Bridge in versions 5.4.33, 5.5.17 and 5.6.1 on a machine running Ubuntu 14.04.1 LTS and the Radamsa fuzzer. A patch issued last month for CVE-2014-3669 closed an unserialised function which researcher Symeon Paraschoudis detailed in a technical walk through. "As expected *p pointer (stored in edx) now points to invali...