Description
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
Remediation
References