Denial of Service (DoS) Affecting php package, versions [,5.5.9)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.31% (70th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-PHP-2335051
  • published12 Jan 2022
  • disclosed18 Feb 2014
  • creditUnknown

Introduced: 18 Feb 2014

CVE-2014-2020  (opens in a new tab)
CWE-189  (opens in a new tab)

How to fix?

Upgrade php to version 5.5.9 or higher.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

CVSS Scores

version 3.1