Published: 18/02/2014 Updated: 08/03/2014
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 allow remote malicious users to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.5.0

php php 5.5.1

php php 5.5.2

php php 5.5.3

php php 5.5.4

php php 5.5.5

php php 5.5.6

php php 5.5.7

php php 5.5.8

Vendor Advisories

Several security issues were fixed in PHP ...