Description

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

Remediation

References

CVE-2013-7328

Related Vulnerabilities

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.24)

Apache Tomcat Integer Overflow or Wraparound Vulnerability (CVE-2015-8751)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)

WordPress Plugin Modern Events Calendar Lite Arbitrary File Upload (7.11.0)

WordPress Plugin Google Authenticator-Per User Prompt Timing Attack (0.6)

Severity

Medium

Classification

CVE-2013-7328

Tags

Missing Update Known Vulnerabilities