Description
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2012-0053 Vulnerability (CVE-2012-0053)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0057)
WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.8.1)
Caddy Web Server Out-of-bounds Read Vulnerability (CVE-2022-34037)
Liferay Portal CVE-2021-38266 Vulnerability (CVE-2021-38266)