Описание
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.5.9+dfsg-1ubuntu1 |
| lucid | not-affected | 5.3.2-1ubuntu4.22 |
| precise | not-affected | 5.3.10-1ubuntu3.9 |
| quantal | not-affected | 5.4.6-1ubuntu1.5 |
| saucy | released | 5.5.3+dfsg-1ubuntu2.2 |
| upstream | released | 5.5.9+dfsg-1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
EPSS
5 Medium
CVSS2