ext/gd/gd.c in PHP 5.5.x prior to 5.5.9 does not check data types, which might allow remote malicious users to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
php php 5.5.7 |
||
php php 5.5.0 |
||
php php 5.5.2 |
||
php php 5.5.1 |
||
php php 5.5.4 |
||
php php 5.5.3 |
||
php php 5.5.6 |
||
php php 5.5.5 |