PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities



The remote web server uses a version of PHP that is affected by multiple vulnerabilities.


Versions of PHP 5.5.x prior to 5.5.9 are exposed to the following issues related to the GD extension:

- A heap-based buffer overflow related to the functions 'gdImageCrop' and 'imagecrop' could allow denial of service attacks and possibly arbitrary code execution. (CVE-2013-7226)

- A return value checking error in the function 'gdImageCrop' could lead to use of NULL pointers and denial of service attacks. (CVE-2013-7327)

- Multiple integer signedness errors exist in the function 'gdImageCrop' that could allow denial of service attacks and information disclosure. (CVE-2013-7328)

- A data type checking error exists that could allow information disclosure. (CVE-2014-2020)


Apply the vendor patch or upgrade to PHP version 5.5.9 or later.
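
One way to triage hosts against the affected range above from the PHP token in a `Server` or `X-Powered-By` header. This is an added example, not the scanner's own check; the function name, status labels and sample headers are assumptions constructed for illustration.

```python
import re

# Affected range from the advisory: PHP 5.5.x releases before 5.5.9.
FIXED = (5, 5, 9)
# Matches the PHP token in a header value, e.g. "PHP/5.5.8" or "PHP/5.5.8-1ubuntu1".
PHP_TOKEN = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;)]*)", re.IGNORECASE)
PRERELEASE = re.compile(r"-?(rc|alpha|beta|dev)", re.IGNORECASE)

def classify(header_value):
    """Return (status, version_text) for one Server or X-Powered-By value."""
    m = PHP_TOKEN.search(header_value or "")
    if not m:
        # No banner proves nothing: expose_php may simply be off.
        return ("no-php-banner", None)
    version = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    text = "%d.%d.%d%s" % (version + (suffix,))
    if version[:2] != (5, 5):
        return ("other-branch", text)          # outside this advisory's scope
    prerelease = bool(PRERELEASE.match(suffix))
    # Integer tuple comparison, so 5.5.10 sorts after 5.5.9 (a string compare would not).
    if version > FIXED or (version == FIXED and not prerelease):
        return ("not-affected", text)
    if version == FIXED:
        return ("prerelease-review", text)     # pre-release of the fixed version
    if suffix[:1] in ("-", "+", "~") and not prerelease:
        # Distribution builds can carry backported fixes under an old upstream
        # version number; confirm against the package changelog.
        return ("affected-verify-backport", text)
    return ("affected", text)

# Constructed sample header values, not taken from any real host.
SAMPLES = [
    "PHP/5.5.8",
    "Apache/2.4.7 (Ubuntu) PHP/5.5.8-1ubuntu1 OpenSSL/1.0.1",
    "PHP/5.5.9",
    "PHP/5.5.10",
    "PHP/5.5.9RC1",
    "PHP/5.4.25",
    "nginx",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print("%-58s %s" % (value, classify(value)))
```

A banner match is only a lead: confirm the installed PHP build on the host before scheduling the upgrade or closing the finding.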