Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2013-7226

Published: 18/02/2014 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.5.0

php php 5.5.1

php php 5.5.5

php php 5.5.7

php php 5.5.6

php php 5.5.3

php php 5.5.8

php php 5.5.4

php php 5.5.2

Vendor Advisories

Ubuntu Security Notice: php5 vulnerabilities
Several security issues were fixed in PHP ...
Red Hat: CVE-2013-7226
Integer overflow in the gdImageCrop function in ext/gd/gdc in PHP 55x before 559 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow ...

Github Repositories

https://github.com/zer0fall/BENZENE

BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation

BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mutation BENZENE is an automated root cause analysis tool for a software crash This repository is a prototype implementation of our IEEE S&P '24 (Oakland) paper @inproceedings{park2023benzene, title={BENZENE: A Practical Root Cause Analysis System with an Under-Constrained State Mut

Recent Articles

Quick PHP patch beats slow research reveal
The Register • Darren Pauli • 23 Oct 2014

Simple solution to remote code execution

Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows. The flaws were detailed this week by Swiss researchers High-Tech Bridge in versions 5.4.33, 5.5.17 and 5.6.1 on a machine running Ubuntu 14.04.1 LTS and the Radamsa fuzzer. A patch issued last month for CVE-2014-3669 closed an unserialised function which researcher Symeon Paraschoudis detailed in a technical walk through. "As expected *p pointer (stored in edx) now points to invali...

Read more...

References

CWE-189https://bugs.php.net/bug.php?id=66356http://www.php.net/ChangeLog-5.phphttps://bugzilla.redhat.com/show_bug.cgi?id=1065108https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01http://www.mandriva.com/security/advisories?name=MDVSA-2014:027http://www.securitytracker.com/id/1029767http://www.securityfocus.com/bid/65533http://secunia.com/advisories/56829http://www.ubuntu.com/usn/USN-2126-1https://exchange.xforce.ibmcloud.com/vulnerabilities/91099http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8f4a5373bb71590352fd934028d6dde5bc18530bhttps://usn.ubuntu.com/2126-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-7226
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook