Description
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.
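The bug class named in the description, as an added example (this is not libgd or PHP code): an object built by a multi-allocation constructor but released with a plain free leaks everything except its header on every call. The names `img_t`, `img_create`, `img_destroy`, `scale_two_pass` and `leaked_after` are hypothetical, and the header-plus-row-buffers layout is an assumption made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image type: one header, one row table, one buffer per row. */
typedef struct { int w, h; int **rows; } img_t;

static long live_blocks = 0;   /* allocations not yet released */
static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void xfree(void *p)    { if (p) { free(p); live_blocks--; } }

/* Destructor that matches img_create: releases rows, row table, header. */
void img_destroy(img_t *im) {
    if (!im) return;
    for (int y = 0; y < im->h; y++) xfree(im->rows[y]);
    xfree(im->rows);
    xfree(im);
}

/* Constructor: makes h + 2 allocations; cleans up fully on partial failure. */
img_t *img_create(int w, int h) {
    if (w <= 0 || h <= 0) return NULL;
    img_t *im = xalloc(sizeof *im);
    if (!im) return NULL;
    im->w = w; im->h = 0;      /* h counts rows allocated so far */
    im->rows = xalloc((size_t)h * sizeof *im->rows);
    if (!im->rows) { xfree(im); return NULL; }
    for (; im->h < h; im->h++) {
        im->rows[im->h] = xalloc((size_t)w * sizeof **im->rows);
        if (!im->rows[im->h]) { img_destroy(im); return NULL; }
    }
    return im;
}

/* Models a two-pass scale: a temporary intermediate image is built, then released. */
static void scale_two_pass(int w, int h, int matched) {
    img_t *tmp = img_create(w, h);
    if (!tmp) return;
    if (matched) img_destroy(tmp);   /* release pairs with the constructor */
    else         xfree(tmp);         /* mismatched: header only, h + 1 blocks leak */
}

/* Blocks still allocated after `calls` scale operations. */
long leaked_after(int calls, int w, int h, int matched) {
    long before = live_blocks;
    for (int i = 0; i < calls; i++) scale_two_pass(w, h, matched);
    return live_blocks - before;
}

int main(void) { printf("%ld %ld\n", leaked_after(100, 16, 8, 1), leaked_after(100, 16, 8, 0)); return 0; }
```

The leak grows linearly with the number of calls, so a code review or allocator-tracking test that pairs each constructor with its own destructor catches it.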
Remediation
References