CVE-2013-7328

2014-02-1811:55:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2013-7328

php

integer signedness errors

remote attackers

denial of service

sensitive information

6.5 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

CPENameOperatorVersion
php:phpphpeq5.5.0
php:phpphpeq5.5.1
php:phpphpeq5.5.5
php:phpphpeq5.5.7
php:phpphpeq5.5.6
php:phpphpeq5.5.3
php:phpphpeq5.5.8
php:phpphpeq5.5.4
php:phpphpeq5.5.2

CPE	Name	Operator	Version
php:php	php	eq	5.5.0
php:php	php	eq	5.5.1
php:php	php	eq	5.5.5
php:php	php	eq	5.5.7
php:php	php	eq	5.5.6
php:php	php	eq	5.5.3
php:php	php	eq	5.5.8
php:php	php	eq	5.5.4
php:php	php	eq	5.5.2