Description
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
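The overflow class described above, shown as an added example (not code from libgd or PHP): an image buffer size computed from width, height and bytes per pixel, first unchecked and then with the overflow checks a fixed allocator needs. The function names `wrapped_size32` and `checked_pixel_bytes` are hypothetical, the dimensions are constructed, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern: the byte count is computed in 32-bit arithmetic, so a
 * large width/height product wraps and a far smaller buffer is requested
 * than the pixel loops will later write to. Unsigned math is used here so
 * the wrap is well defined; with signed int it is undefined behaviour. */
uint32_t wrapped_size32(uint32_t sx, uint32_t sy, uint32_t elem)
{
    return sx * sy * elem;
}

/* Checked pattern: validate each multiplication against INT_MAX before
 * performing it. Returns 0 and stores the byte count, or -1 to reject. */
int checked_pixel_bytes(int sx, int sy, int elem, size_t *out)
{
    if (sx <= 0 || sy <= 0 || elem <= 0)
        return -1;                      /* non-positive dimensions */
    if (sx > INT_MAX / sy)
        return -1;                      /* sx * sy would overflow */
    if (sx * sy > INT_MAX / elem)
        return -1;                      /* (sx * sy) * elem would overflow */
    *out = (size_t)sx * (size_t)sy * (size_t)elem;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed dimensions: 65536 x 16385 pixels, 4 bytes per pixel. */
    printf("wrapped size: %u bytes\n", (unsigned)wrapped_size32(0x10000, 0x4001, 4));
    printf("checked: %d\n", checked_pixel_bytes(0x10000, 0x4001, 4, &n));
    if (checked_pixel_bytes(640, 480, 4, &n) == 0)
        printf("640x480: %zu bytes\n", n);
    return 0;
}
```

With the constructed dimensions the unchecked computation yields 262144 bytes for an image that needs over 4 GiB, while the checked version rejects the request before any allocation.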
Remediation
References