Description
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.
Remediation
References
Related Vulnerabilities
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.148)
Django 7PK - Security Features Vulnerability (CVE-2016-7401)
Drupal Core 8.x.x Arbitrary File Overwrite (8.0.0 - 8.7.14)
ProjectSend Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-11492)