You are here

CVE-2013-7226

Vincent (CVE) Danen's picture
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of php or php53 as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php54-php as shipped with Red Hat Software Collections 1, as they did not include the vulnerable function (it was introduced in PHP 5.5.0). This issue also did not affect the versions of gd as shipped with Red Hat Enterprise Linux 5 and 6.

Public Date

2014-02-06 00:00:00

Impact

Important

Bugzilla

CVE-2013-7226 CVE-2013-7327 CVE-2013-7328 CVE-2014-2020 php: multiple vulnerabilities in gdImageCrop()

Bugzilla ID

1 065 108

CVSS Status

draft

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

External References

http://www.php.net/ChangeLog-5.php#5.5.9

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 php Not affected
Red Hat Enterprise Linux 7 gd Not affected
Red Hat Enterprise Linux 6 gd Not affected
Red Hat Enterprise Linux 6 php Not affected
Red Hat Enterprise Linux 5 gd Not affected
Red Hat Enterprise Linux 5 php53 Not affected
Red Hat Enterprise Linux 5 php Not affected
Red Hat Enterprise Linux 4 php Not affected