CESA-2017:3221 -- centos 7 phpID: oval:org.secpod.oval:def:204703 | Date: (C)2017-12-11 (M)2022-10-10 |
Class: PATCH | Family: unix |
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. * An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application