Bug 501312 (CVE-2013-7226) - <dev-lang/php-5.5.9: "imagecrop()" Buffer Overflow Vulnerabilities (CVE-2013-7226)
Alias: CVE-2013-7226
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2014-02-14 16:10 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2014-02-14 16:10:33 UTC
From ${URL} :


Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to potentially 
compromise a vulnerable system.

The vulnerabilities are caused due to some errors related to the "imagecrop()" function implementation and 
can be exploited to cause heap-based buffer overflows.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in 5.5.x versions prior to 5.5.9. Other versions may also be affected.

Update to version 5.5.9.

Provided and/or discovered by:
kuba.brecka within a bug ticket.

Original Advisory:

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Ole Markus With (RETIRED) gentoo-dev 2014-02-14 19:05:19 UTC
Go ahead and stabilise
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2014-02-15 19:17:37 UTC
Arches, please test and mark stable:


Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Thank you!
Comment 3 Agostino Sarubbo gentoo-dev 2014-02-15 21:18:49 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-02-15 21:28:26 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-02-16 07:35:14 UTC
alpha stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-02-16 12:05:51 UTC
ia64 stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2014-02-16 15:15:20 UTC
Stable for HPPA.
Comment 8 Agostino Sarubbo gentoo-dev 2014-02-17 21:08:16 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-02-20 14:04:21 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-02-20 14:05:23 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2014-02-22 07:41:05 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2014-05-15 05:03:28 UTC
Arches and Maintainer(s), thank you for your work.

Added to an existing GLSA request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:27:03 UTC
This issue was resolved and addressed in
 GLSA 201408-11 at
by GLSA coordinator Kristian Fiskerstrand (K_F).