Description

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

Remediation

References

CVE-2013-7328

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4021)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17672)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.1.6)

WordPress Improper Input Validation Vulnerability (CVE-2020-35539)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0050)

Severity

Medium

Classification

CVE-2013-7328

Tags

Missing Update Known Vulnerabilities