17 matches found
EUVD-2014-2072
Malware in sbrugna...
K15653: Multiple PHP vulnerabilities
Security Advisory Description: Following are descriptions of various PHP gdImageCrop vulnerabilities: CVE-2013-7226 Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly...
K15648: PHP vulnerability CVE-2014-2020
Security Advisory Description: ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string f...
SUSE CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a...
Fedora 19 : php-5.5.10-1.fc19 (2014-3537)
Excerpt from upstream NEWS: 06 Mar 2014, PHP 5.5.10 Core : - Fixed Request 66574i Allow multiple paths in phpiniscannedpath. Remi Date : - Fixed bug 45528 Allow the DateTimeZone constructor to accept timezones per offset too. Derick Fileinfo : - Fixed bug 66731 file: infinite recursion...
[USN-2126-1] PHP vulnerabilities
Ubuntu Security Notice USN-2126-1 March 03, 2014 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Ubuntu Update for php5 USN-2126-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN21261.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for php5 USN-2126-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu: Security Advisory (USN-2126-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerabilities (USN-2126-1)
Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-1943) It was discovered that PHP incorrectly handled certain values whe...
USN-2126-1: PHP vulnerabilities
Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-1943) It was discovered that PHP incorrectly handled certain values whe...
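PHP 'ext/gd/gd.c' gdImageCrop Integer Signedness Error Vulnerability
CVE ID: CVE-2013-7328 PHP is an HTML-embedded language. Multiple integer signedness errors exist in the gdImageCrop function in PHP 'ext/gd/gd.c', which allow remote attackers to crash the application or obtain sensitive information by calling the imagecrop function with a negative value for the x or y dimension. 0 PHP 5.5.x PHP 5.5.9 fixes this vulnerability; users are advised to download the update: http://php.net...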
CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a...
Null pointer dereference
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return...
CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a...
CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a...
CVE-2013-7226
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...
Mandriva Linux Security Advisory : php (MDVSA-2014:027)
A vulnerability has been discovered and corrected in php : - Fixed bug 66356 Heap Overflow Vulnerability in imagecrop CVE-2013-7226. The updated php packages have been upgraded to the 5.5.9 version which is not vulnerable to this issue. Additionally, the PECL packages which requires so has been...