CVE-2013-7456
First published: Sun Aug 07 2016(Updated: )
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <7.0.7 | 7.0.7 |
| libgd | =2.1.0 | |
| PHP | <=5.5.35 | |
| PHP | =5.6.0-alpha1 | |
| PHP | =5.6.0-alpha2 | |
| PHP | =5.6.0-alpha3 | |
| PHP | =5.6.0-alpha4 | |
| PHP | =5.6.0-alpha5 | |
| PHP | =5.6.0-beta1 | |
| PHP | =5.6.0-beta2 | |
| PHP | =5.6.0-beta3 | |
| PHP | =5.6.0-beta4 | |
| PHP | =5.6.1 | |
| PHP | =5.6.2 | |
| PHP | =5.6.3 | |
| PHP | =5.6.4 | |
| PHP | =5.6.5 | |
| PHP | =5.6.6 | |
| PHP | =5.6.7 | |
| PHP | =5.6.8 | |
| PHP | =5.6.9 | |
| PHP | =5.6.10 | |
| PHP | =5.6.11 | |
| PHP | =5.6.12 | |
| PHP | =5.6.13 | |
| PHP | =5.6.14 | |
| PHP | =5.6.15 | |
| PHP | =5.6.16 | |
| PHP | =5.6.17 | |
| PHP | =5.6.18 | |
| PHP | =5.6.19 | |
| PHP | =5.6.20 | |
| PHP | =5.6.21 | |
| PHP | =7.0.0 | |
| PHP | =7.0.1 | |
| PHP | =7.0.2 | |
| PHP | =7.0.3 | |
| PHP | =7.0.4 | |
| PHP | =7.0.5 | |
| PHP | =7.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3587
- http://www.debian.org/security/2016/dsa-3602
- http://www.openwall.com/lists/oss-security/2016/05/26/3
- http://www.securityfocus.com/bid/90859
- http://www.ubuntu.com/usn/USN-3030-1
- https://bugs.php.net/bug.php?id=72227
- https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a
- https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://www.php.net/ChangeLog-7.php#7.0.7 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-7456?
CVE-2013-7456 is classified as a denial of service vulnerability due to an out-of-bounds read.
How do I fix CVE-2013-7456?
To remediate CVE-2013-7456, upgrade the GD Graphics Library to version 2.1.1 or later and ensure PHP is updated to version 5.5.36 or higher, or 5.6.22 or higher, or 7.0.7 or higher.
What versions are affected by CVE-2013-7456?
CVE-2013-7456 affects GD Graphics Library versions prior to 2.1.1 and PHP versions prior to 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7.
Can CVE-2013-7456 lead to an exploit?
CVE-2013-7456 could potentially be exploited by attackers to cause a denial of service through crafted images.
Which software should I check for CVE-2013-7456 vulnerabilities?
Check if you are using vulnerable versions of the GD Graphics Library or PHP that are affected by CVE-2013-7456.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/source
- collector/php-changelog
- source/PHP
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/php
- canonical/php
- vendor/libgd
- canonical/libgd
- version/libgd/2.1.0
- version/php/5.5.35
- version/php/5.6.0-alpha1
- version/php/5.6.0-alpha2
- version/php/5.6.0-alpha3
- version/php/5.6.0-alpha4
- version/php/5.6.0-alpha5
- version/php/5.6.0-beta1
- version/php/5.6.0-beta2
- version/php/5.6.0-beta3
- version/php/5.6.0-beta4
- version/php/5.6.1
- version/php/5.6.2
- version/php/5.6.3
- version/php/5.6.4
- version/php/5.6.5
- version/php/5.6.6
- version/php/5.6.7
- version/php/5.6.8
- version/php/5.6.9
- version/php/5.6.10
- version/php/5.6.11
- version/php/5.6.12
- version/php/5.6.13
- version/php/5.6.14
- version/php/5.6.15
- version/php/5.6.16
- version/php/5.6.17
- version/php/5.6.18
- version/php/5.6.19
- version/php/5.6.20
- version/php/5.6.21
- version/php/7.0.0
- version/php/7.0.1
- version/php/7.0.2
- version/php/7.0.3
- version/php/7.0.4
- version/php/7.0.5
- version/php/7.0.6