Description

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Remediation

References

CVE-2013-7327

Related Vulnerabilities

WordPress Plugin WP Fusion Lite-Marketing Automation for WordPress Multiple Vulnerabilities (3.37.18)

Oracle JRE CVE-2013-0434 Vulnerability (CVE-2013-0434)

WordPress Other Vulnerability (CVE-2006-0733)

WordPress Plugin ShiftNav-Responsive Mobile Menu Cross-Site Scripting (1.5.2)

OpenSSL Other Vulnerability (CVE-2004-0079)

Severity

Medium

Classification

CVE-2013-7327 CWE-20

Tags

Missing Update Known Vulnerabilities