ID CVE-2013-7328
Summary Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 08-03-2014 - 05:12)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:P
refmap via4
confirm
ubuntu USN-2126-1
Last major update 08-03-2014 - 05:12
Published 18-02-2014 - 11:55
Last modified 08-03-2014 - 05:12
Back to Top