Description
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Remediation
References