Bug 982009 - (CVE-2013-7456) VUL-0: CVE-2013-7456: php5, php53: imagescale out-of-bounds read
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:RedHat:CVE-2013-7456:2.6:(AV:N...
Reported: 2016-05-27 12:41 UTC by Alexander Bergmann
Modified: 2016-08-01 09:56 UTC (History)

Comment 1 Swamp Workflow Management 2016-05-27 22:00:25 UTC
bugbot adjusting priority
Comment 2 Petr Gajdos 2016-05-31 12:13:24 UTC
Tested with 13.2 and 12, others are not affected (no imagescale).

Installed packages: php5, php5-gd

BEFORE:

$ USE_ZEND_ALLOC=0 valgrind php test.php
.. valgrind errors ..
$

AFTER:

$ USE_ZEND_ALLOC=0 valgrind php test.php
$
Comment 3 Petr Gajdos 2016-05-31 13:04:21 UTC
$ cat test.php
<?php

$img = imagecreatetruecolor ( 100, 100);
imagescale($img, 13, 1, IMG_BICUBIC);
?>
$
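The before/after check from comments 2 and 3 as a pass/fail script (an added example, not part of the original bug report; the function names, verdict strings and the exit code 99 are choices made here):

```shell
#!/bin/sh
# Added example: regression check for the imagescale() out-of-bounds read.
# Function names, verdict strings and exit code 99 are illustrative choices.

# Write the reproducer from comment 3 into directory $1 and print its path.
write_reproducer() {
    cat > "$1/test.php" <<'EOF'
<?php

$img = imagecreatetruecolor ( 100, 100);
imagescale($img, 13, 1, IMG_BICUBIC);
?>
EOF
    printf '%s\n' "$1/test.php"
}

# Map valgrind's exit status to a verdict. 99 is the value passed to
# --error-exitcode below, so it can only mean "memory errors were reported".
classify() {
    case "$1" in
        0)  echo clean ;;
        99) echo vulnerable ;;
        *)  echo inconclusive ;;
    esac
}

check_imagescale() {
    command -v php >/dev/null 2>&1 || { echo inconclusive; return 2; }
    command -v valgrind >/dev/null 2>&1 || { echo inconclusive; return 2; }
    # Builds without imagescale() are not affected (comment 2).
    php -r 'exit(function_exists("imagescale") ? 0 : 1);' >/dev/null 2>&1
    case $? in 0) ;; 1) echo not-affected; return 0 ;; *) echo inconclusive; return 2 ;; esac
    dir=$(mktemp -d) || return 2
    script=$(write_reproducer "$dir")
    # USE_ZEND_ALLOC=0 routes PHP allocations to malloc so valgrind sees each block.
    USE_ZEND_ALLOC=0 valgrind -q --error-exitcode=99 php "$script" >/dev/null 2>&1
    rc=$?
    verdict=$(classify "$rc")
    rm -rf "$dir"
    echo "$verdict"
    [ "$verdict" = clean ]
}

if [ "${1:-}" = "run" ]; then check_imagescale; fi
```

Invoke the script with the argument `run` on a host that has the php5 and php5-gd packages and valgrind installed; without `--error-exitcode`, valgrind returns the PHP process's own exit status and a memory error would not fail the check.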
Comment 4 Petr Gajdos 2016-06-01 11:19:03 UTC
Packages submitted.
Comment 5 Bernhard Wiedemann 2016-06-01 12:01:18 UTC
This is an autogenerated message for OBS integration:
This bug (982009) was mentioned in
https://build.opensuse.org/request/show/399462 13.2 / php5
Comment 7 Swamp Workflow Management 2016-06-11 12:17:01 UTC
openSUSE-SU-2016:1553-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 976775,980366,980373,980375,981049,981050,981061,982009,982010,982011,982012,982013,982162
CVE References: CVE-2013-7456,CVE-2015-4116,CVE-2015-8873,CVE-2015-8874,CVE-2015-8876,CVE-2015-8877,CVE-2015-8879,CVE-2016-3074,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096,CVE-2016-5114
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-66.1
Comment 8 Swamp Workflow Management 2016-06-20 14:09:25 UTC
SUSE-SU-2016:1633-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 981049,981050,981061,982009,982010,982011,982012,982013
CVE References: CVE-2013-7456,CVE-2015-8876,CVE-2015-8877,CVE-2015-8879,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    imap-2007e_suse-19.1
SUSE Linux Enterprise Workstation Extension 12 (src):    imap-2007e_suse-19.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    imap-2007e_suse-19.1, php5-5.5.14-64.5
SUSE Linux Enterprise Software Development Kit 12 (src):    imap-2007e_suse-19.1, php5-5.5.14-64.5
SUSE Linux Enterprise Module for Web Scripting 12 (src):    imap-2007e_suse-19.1, php5-5.5.14-64.5
SUSE Linux Enterprise Desktop 12-SP1 (src):    imap-2007e_suse-19.1
SUSE Linux Enterprise Desktop 12 (src):    imap-2007e_suse-19.1
Comment 9 Swamp Workflow Management 2016-06-27 13:10:25 UTC
openSUSE-SU-2016:1688-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 981049,981050,981061,982009,982010,982011,982012,982013
CVE References: CVE-2013-7456,CVE-2015-8876,CVE-2015-8877,CVE-2015-8879,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096
Sources used:
openSUSE Leap 42.1 (src):    imap-2007e_suse-22.1, php5-5.5.14-53.1
Comment 10 Marcus Meissner 2016-08-01 09:56:29 UTC
all released