CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.048 Low
Percentile: 92.7%
Versions of PHP 5.5.x prior to 5.5.9 are exposed to the following issues related to the GD extension:
A heap-based buffer overflow error exists related to the functions ‘gdImageCrop’ and ‘imagecrop’ that could allow denial of service attacks and possibly arbitrary code execution. (CVE-2013-7226)
An error exists in the function ‘gdImageCrop’ related to return value checking that could lead to use of NULL pointers and denial of service attacks. (CVE-2013-7327)
Multiple integer signedness errors exist in the function ‘gdImageCrop’ that could allow denial of service attacks and information disclosure. (CVE-2013-7328)
A data type checking error exists that could allow information disclosure. (CVE-2014-2020)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2020
www.php.net/ChangeLog-5.php#5.5.9
bugs.php.net/bug.php?id=66356
bugs.php.net/bug.php?id=66815
hackerone.com/reports/1356