6.8

CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.5.0 Updatealpha1
PhpPhp Version5.5.0 Updatealpha2
PhpPhp Version5.5.0 Updatealpha3
PhpPhp Version5.5.0 Updatealpha4
PhpPhp Version5.5.0 Updatealpha5
PhpPhp Version5.5.0 Updatealpha6
PhpPhp Version5.5.0 Updatebeta1
PhpPhp Version5.5.0 Updatebeta2
PhpPhp Version5.5.0 Updatebeta3
PhpPhp Version5.5.0 Updatebeta4
PhpPhp Version5.5.0 Updaterc1
PhpPhp Version5.5.0 Updaterc2
PhpPhp Version5.5.1
PhpPhp Version5.5.2
PhpPhp Version5.5.3
PhpPhp Version5.5.4
PhpPhp Version5.5.5
PhpPhp Version5.5.6
PhpPhp Version5.5.7
PhpPhp Version5.5.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.73% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.php.net/ChangeLog-5.php
Vendor Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8f4a5373bb71590352fd934028d6dde5bc18530b
http://secunia.com/advisories/56829
http://www.mandriva.com/security/advisories?name=MDVSA-2014:027
http://www.securityfocus.com/bid/65533
http://www.securitytracker.com/id/1029767
http://www.ubuntu.com/usn/USN-2126-1
https://bugs.php.net/bug.php?id=66356
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1065108
https://exchange.xforce.ibmcloud.com/vulnerabilities/91099
https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01