ALAS-2014-314 ---- php55ID: oval:org.secpod.oval:def:1600163 | Date: (C)2016-01-05 (M)2023-12-07 |
Class: PATCH | Family: unix |
A denial of service flaw was found in the way the File Information extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226 .
Platform: |
Amazon Linux AMI |