PHP 5.6.x < 5.6.12 Multiple DoS
High Nessus Network Monitor Plugin ID 8960
Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description: Versions of PHP 5.6.x earlier than 5.6.12 are vulnerable to the following issues:
- A flaw exists in the file 'gd.c' due to the improper handling of images with large negative coordinates by the imagefilltoborder() function. An attacker can exploit this to cause a stack overflow, thus crashing an application using PHP. (OSVDB 125857)
- A flaw exists in the file 'php_odbc.c' when the odbc_fetch_array() function handles columns that are defined as NVARCHAR(MAX). An attacker can exploit this to crash an application using PHP. (OSVDB 125858)
Solution: Upgrade to PHP version 5.6.12 or later.
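To triage hosts against the version range above from captured HTTP response headers, a banner check can look like the following. This is an added example, not the plugin's own logic; the function names and status labels are assumptions, and the sample headers are constructed.

```python
import re

# Range taken from the advisory: PHP 5.6.x earlier than 5.6.12.
BRANCH = (5, 6)
FIXED = (5, 6, 12)

# PHP product token as it appears in Server / X-Powered-By values.
# An optional "-suffix" marks a distro or vendor package build.
_PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)(-\S+)?", re.IGNORECASE)


def php_version(headers):
    """Return ((major, minor, patch), suffix) from headers, or None."""
    wanted = ("x-powered-by", "server")
    for key, value in headers.items():
        if key.lower() in wanted:
            m = _PHP_TOKEN.search(value)
            if m:
                version = tuple(int(g) for g in m.groups()[:3])
                return version, (m.group(4) or "")
    return None


def assess(headers):
    """Classify one host's headers against the advisory's range."""
    parsed = php_version(headers)
    if parsed is None:
        # Banner hidden (e.g. expose_php = Off): check the host directly.
        return "unknown"
    version, suffix = parsed
    if version[:2] != BRANCH or version >= FIXED:
        return "out_of_range"
    # A packaged build may carry backported fixes under an old version
    # number, so a banner alone cannot confirm exposure.
    return "verify_backport" if suffix else "affected"


if __name__ == "__main__":
    # Constructed sample headers, not captured from real hosts.
    samples = [
        {"X-Powered-By": "PHP/5.6.11"},
        {"Server": "Apache/2.4.10 (Debian) PHP/5.6.11-1~dotdeb+7.1"},
        {"X-Powered-By": "PHP/5.6.12"},
        {"Server": "nginx"},
    ]
    for h in samples:
        print(h, "->", assess(h))
```

A result of `unknown` or `verify_backport` means the banner is not enough and the installed package version should be confirmed on the host.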