5
CVSSv2

CVE-2014-2020

Published: 18/02/2014 Updated: 08/03/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 does not check data types, which might allow remote malicious users to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

Affected Products

Vendor Product Versions
PhpPhp5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8

Vendor Advisories

Several security issues were fixed in PHP ...