Description
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.