Showing 1 - 3 of 3

CVE-2013-7327

Status Candidate

Overview

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Related Files

Gentoo Linux Security Advisory 201408-11: Posted Aug 29, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.; tags | advisory, remote, arbitrary, php, vulnerability; systems | linux, gentoo; advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120; SHA-256 | 603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1; Download | Favorite | View

Mandriva Linux Security Advisory 2014-059: Posted Mar 14, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities has been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version which is not vulnerable to these issues. The php-xdebug packages has been upgraded to the latest 2.2.4 version that resolves numerous upstream bugs. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.10.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2013-7327, CVE-2014-1943, CVE-2014-2270; SHA-256 | 95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456; Download | Favorite | View

Ubuntu Security Notice USN-2126-1: Posted Mar 3, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2126-1 - Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, php; systems | linux, ubuntu; advisories | CVE-2014-1943, CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943, CVE-2014-2020; SHA-256 | 9a5ab283b9e55f400a4b88d11cf1323ae8f64e35c58bab2a1495db996de123ce; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2013-7327

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems