PHP 5.5.x < 5.5.9 Multiple Vulnerabilities
PVS ID: 8125 FAMILY: Web Servers RISK: MEDIUM NESSUS ID: 72511
Description:

Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

PHP versions earlier than 5.5.9 are potentially affected by a heap-based buffer overflow error that exists in the file 'ext/gd/gd.c' due to insufficient bounds-checking of user-supplied data in the 'imagecrop()' function. Additionally, a memory-corruption vulnerability exists due to multiple integer signedness errors in the 'gdImageCrop()' function of the same file, which can be exploited to cause a denial of service or obtain potentially sensitive information.

Observed PHP version: %L

Solution: Apply the vendor patch or upgrade to PHP version 5.5.9 or later.

CVE-2013-7328


Copyright Tenable Network Security Inc. 2014