Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
This repo records all the vulnerabilities of linux software I have reproduced in my local workspace
LinuxFlaw This repo records all the vulnerabilities of linux software I have reproduced in my local workspace If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its directory name All the vulnerable source code packages are stored in source-packages Vmware Workstation Images Image Name username password Ubuntu 810 exploit exploit Ubuntu 1004LTS
Simple solution to remote code execution
Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows.
The flaws were detailed this week by Swiss researchers High-Tech Bridge in versions 5.4.33, 5.5.17 and 5.6.1 on a machine running Ubuntu 14.04.1 LTS and the Radamsa fuzzer.
A patch issued last month for CVE-2014-3669 closed an unserialised function which researcher Symeon Paraschoudis detailed in a technical walk through.
"As expected *p pointer (stored in edx) no...