Showing 1 - 3 of 3

CVE-2013-7327

Status Candidate

Overview

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Related Files

Gentoo Linux Security Advisory 201408-11: Posted Aug 29, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.; tags | advisory, remote, arbitrary, php, vulnerability; systems | linux, gentoo; advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120; SHA-256 | 603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1; Download | Favorite | View

Mandriva Linux Security Advisory 2014-059: Posted Mar 14, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities has been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version which is not vulnerable to these issues. The php-xdebug packages has been upgraded to the latest 2.2.4 version that resolves numerous upstream bugs. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.10.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2013-7327, CVE-2014-1943, CVE-2014-2270; SHA-256 | 95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456; Download | Favorite | View

Ubuntu Security Notice USN-2126-1: Posted Mar 3, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2126-1 - Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, php; systems | linux, ubuntu; advisories | CVE-2014-1943, CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943, CVE-2014-2020; SHA-256 | 9a5ab283b9e55f400a4b88d11cf1323ae8f64e35c58bab2a1495db996de123ce; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 139 files
Ubuntu 79 files
Gentoo 33 files
Debian 26 files
Sebastian Hamann 8 files
Jann Horn 7 files
Google Security Research 6 files
Moritz Abrell 6 files
Jaggar Henry 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,941)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

CVE-2013-7327

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems