CVE-2013-7327

Published: 18/02/2014 | Updated: 21/09/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Affected Products

Vendor | Product | Versions
PHP | PHP | 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8
Canonical | Ubuntu Linux | 10.04, 12.04, 12.10, 13.10

Vendor Advisories

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226 ...
Several security issues were fixed in PHP ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows ...