CVE-2013-7226
Published: 18 February 2014
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
Notes
Author | Note |
---|---|
mdeslaur | imagecrop was introduced in 5.5.0 |
Priority
Status
Package | Release | Status |
---|---|---|
php5 | upstream | Released (5.5.9+dfsg-1) |
php5 | lucid | Not vulnerable (5.3.2-1ubuntu4.22) |
php5 | precise | Not vulnerable (5.3.10-1ubuntu3.9) |
php5 | quantal | Not vulnerable (5.4.6-1ubuntu1.5) |
php5 | saucy | Released (5.5.3+dfsg-1ubuntu2.2) |

Patches
upstream: https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01
upstream: https://github.com/php/php-src/commit/143bb29c1ac3f959f44b8fe59adef4d1840bc393 (regression)
upstream: https://github.com/php/php-src/commit/8f4a5373bb71590352fd934028d6dde5bc18530b
upstream: https://github.com/php/php-src/commit/464c219ed4ebce6b9196cae308967ac7f7f58bde (small fix)