Published: 07/08/2016 Updated: 05/01/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.6 | Impact Score: 4.7 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

gd_interpolation.c in the GD Graphics Library (aka libgd) prior to 2.1.1, as used in PHP prior to 5.5.36, 5.6.x prior to 5.6.22, and 7.x prior to 7.0.7, allows remote malicious users to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libgd libgd 2.1.0

The GD library could be made to crash or run programs if it processed a specially crafted image file ...

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Mo ...

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to the new upstream version 5622, which includes additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5php#562 ...

The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456)Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)Integer overflow in php_html_entities() (CVE-2016-5094)Integer overflow in php_filter_full_special_chars() (CVE-2016-5095)Out-of-bounds heap read in get_icu_value_internal ...

The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456)Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)The phar_make_dirstream function in ext/phar/dirstreamc in PHP before 5618 and 7x before 703 mishandles zero-size //@LongLink files, which allows remote attackers ...

gd_interpolationc in the GD Graphics Library (aka libgd) before 211, as used in PHP before 5536, 56x before 5622, and 7x before 707, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function ...

CWE-125 https://bugs.php.net/bug.php?id=72227 http://php.net/ChangeLog-7.php http://php.net/ChangeLog-5.php http://www.openwall.com/lists/oss-security/2016/05/26/3 https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 http://www.debian.org/security/2016/dsa-3602 http://www.ubuntu.com/usn/USN-3030-1 http://www.debian.org/security/2016/dsa-3587 http://www.securityfocus.com/bid/90859 http://rhn.redhat.com/errata/RHSA-2016-2750.html https://usn.ubuntu.com/3030-1/https://nvd.nist.gov

CVE-2013-7456

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect