CVE-2013-7327

Published: 18 February 2014

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Notes

Author     Note
mdeslaur   imagecrop was introduced in 5.5.0

Priority

Medium

Status

Package: php5 (Launchpad, Ubuntu, Debian)

Release    Status
upstream   Released (5.5.9+dfsg-1)
lucid      Not vulnerable (5.3.2-1ubuntu4.22)
precise    Not vulnerable (5.3.10-1ubuntu3.9)
quantal    Not vulnerable (5.4.6-1ubuntu1.5)
saucy      Released (5.5.3+dfsg-1ubuntu2.2)

Patches:
upstream: https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01
upstream: https://github.com/php/php-src/commit/143bb29c1ac3f959f44b8fe59adef4d1840bc393 (regression)
upstream: https://github.com/php/php-src/commit/8f4a5373bb71590352fd934028d6dde5bc18530b
upstream: https://github.com/php/php-src/commit/464c219ed4ebce6b9196cae308967ac7f7f58bde (small fix)