7 matches found
K15648: PHP vulnerability CVE-2014-2020
Security Advisory Description: ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string f...
Ubuntu Update for php5 USN-2126-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN21261.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for php5 USN-2126-1 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerabilities (USN-2126-1)
Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-1943 It was discovered that PHP incorrectly handled certain values whe...
Ubuntu: Security Advisory (USN-2126-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
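PHP 'ext/gd/gd.c' Information Disclosure Vulnerability
CVE ID: CVE-2014-2020 PHP is an HTML-embedded language. PHP 'ext/gd/gd.c' does not check data types, allowing remote attackers to obtain sensitive information by using a string or array data type in place of a numeric data type. This vulnerability is different from CVE-2013-7226. 0 PHP 5.5.x PHP 5.5.9 has fixed this vulnerability; users are advised to download the update: http://php.net...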
CVE-2014-2020
CVE-2014-2020 affects PHP 5.5.x before 5.5.9. The gd crop function (gd.c) does not type-check numeric inputs, allowing a remote attacker to extract sensitive information by supplying a string or array where a number is expected (e.g., string for the x dimension in imagecrop). This is a distinct i...
PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities
Binary data 8125.prm...