Vulnerability Name:

CVE-2013-7226 (CCN-91099)

Assigned:2013-12-28
Published:2014-02-12
Updated:2017-08-29
Summary:Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2013-7226

Source: CONFIRM
Type: Vendor Advisory
http://git.php.net/?p=php-src.git;a=commit;h=8f4a5373bb71590352fd934028d6dde5bc18530b

Source: CCN
Type: SA56829
PHP "imagecrop()" Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
56829

Source: CCN
Type: IBM Security Bulletin 1667176
IBM InfoSphere Balanced Warehouse C3000 and C4000, IBM Smart Analytics System 1050 and 2050 are affected by multiple vulnerabilities in PHP

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2014:027

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-5.php

Source: BID
Type: UNKNOWN
65533

Source: CCN
Type: BID-65533
PHP 'ext/gd/gd.c' Heap Based Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029767

Source: UBUNTU
Type: UNKNOWN
USN-2126-1

Source: CONFIRM
Type: Vendor Advisory
https://bugs.php.net/bug.php?id=66356

Source: CCN
Type: PHP Web site
Heap Overflow Vulnerability in imagecrop()

Source: CCN
Type: Red Hat Bugzilla Bug 1065108
CVE-2013-7226 CVE-2013-7327 CVE-2013-7328 CVE-2014-2020 php: multiple vulnerabilities in gdImageCrop()

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1065108

Source: XF
Type: UNKNOWN
php-cve20137226-bo(91099)

Source: XF
Type: UNKNOWN
php-cve20137226-bo(91099)

Source: CONFIRM
Type: UNKNOWN
https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-7226

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:5.5.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha6:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.8:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:24369
    P
    		USN-2126-1 -- php5 vulnerabilities
    2014-06-30
    oval:com.ubuntu.precise:def:20137226000
    V
    		CVE-2013-7226 on Ubuntu 12.04 LTS (precise) - medium.
    2014-02-18
    BACK
    php php 5.5.0 alpha1
    php php 5.5.0 alpha2
    php php 5.5.0 alpha3
    php php 5.5.0 alpha4
    php php 5.5.0 alpha5
    php php 5.5.0 alpha6
    php php 5.5.0 beta1
    php php 5.5.0 beta2
    php php 5.5.0 beta3
    php php 5.5.0 beta4
    php php 5.5.0 rc1
    php php 5.5.0 rc2
    php php 5.5.1
    php php 5.5.2
    php php 5.5.3
    php php 5.5.4
    php php 5.5.5
    php php 5.5.6
    php php 5.5.7
    php php 5.5.8
    php php 5.5.7