Description
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
Remediation
References