PHP 5.5.x < 5.5.9 Multiple Vulnerabilities

Medium

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP versions earlier than 5.5.9 are potentially affected by a heap-based buffer overflow in the file 'ext/gd/gd.c', caused by insufficient bounds checking of user-supplied data in the 'imagecrop()' function. Additionally, a memory corruption vulnerability exists due to multiple integer signedness errors in the 'gdImageCrop()' function of the same file; it can be exploited to cause a denial of service or to obtain potentially sensitive information.

Solution

Apply the vendor patch or upgrade to PHP version 5.5.9 or later.