Description

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.

Remediation

References

CVE-2013-7226

Related Vulnerabilities

WordPress Plugin Age Gate Cross-Site Scripting (2.16.3)

WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5)

WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22874)

IBM RTC CVE-2020-4964 Vulnerability (CVE-2020-4964)

Severity

Medium

Classification

CVE-2013-7226

Tags

Missing Update Known Vulnerabilities