6.8
CVSSv2

CVE-2013-7327

Published: 18/02/2014 Updated: 21/09/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 does not check return values, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Vendor Advisories

The gdImageCrop function in ext/gd/gdc in PHP 55x before 559 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226 ...
Several security issues were fixed in PHP ...
A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU The gdImageCrop function in ext/gd/gdc in PHP 55x before 559 does not check return values, which allows ...