#VU11344 Null pointer dereference in PHP 

 

Published: March 29, 2018


Vulnerability identifier: #VU11344
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: PHP
Software vendor: PHP Group

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because an image resource created by the imagecreate function, which is not truecolor, is treated as truecolor in the gdImageSetAAPixelColor function when the antialias option is on, even though 'im->tpixels' is NULL. A remote attacker can trigger a NULL pointer dereference and cause the service to crash.
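The following added example (not PHP or libgd source) models the flaw with a simplified image struct: a pixel setter that assumes truecolor storage next to one that checks the image type first. The names `img_t`, `set_aa_pixel_unchecked`, `set_aa_pixel_checked` and the demo helpers are hypothetical, and the images are constructed in place.

```c
#include <stddef.h>

#define W 4
#define H 4

/* Simplified stand-in for a GD image (assumption, not the real struct). */
typedef struct {
    int sx, sy;
    int trueColor;          /* 0 = palette image, 1 = truecolor */
    unsigned char **pixels; /* palette rows; NULL for truecolor images */
    int **tpixels;          /* truecolor rows; NULL for palette images */
} img_t;

/* Unchecked form: assumes truecolor storage. On a palette image tpixels
 * is NULL, so this write is the NULL pointer dereference (CWE-476). */
void set_aa_pixel_unchecked(img_t *im, int x, int y, int color)
{
    im->tpixels[y][x] = color;
}

/* Checked form: refuse palette images and out-of-range coordinates. */
int set_aa_pixel_checked(img_t *im, int x, int y, int color)
{
    if (im == NULL || !im->trueColor || im->tpixels == NULL)
        return -1;
    if (x < 0 || y < 0 || x >= im->sx || y >= im->sy)
        return -1;
    im->tpixels[y][x] = color;
    return 0;
}

/* Constructed palette image (what imagecreate yields): tpixels is NULL. */
int demo_palette(void)
{
    static unsigned char rows[H][W];
    unsigned char *p[H];
    for (int i = 0; i < H; i++) p[i] = rows[i];
    img_t im = { W, H, 0, p, NULL };
    return set_aa_pixel_checked(&im, 1, 1, 0x00FF0000); /* rejected */
}

/* Constructed truecolor image: the write succeeds and is read back. */
int demo_truecolor(void)
{
    static int rows[H][W];
    int *t[H];
    for (int i = 0; i < H; i++) t[i] = rows[i];
    img_t im = { W, H, 1, NULL, t };
    if (set_aa_pixel_checked(&im, 1, 1, 0x00FF0000) != 0) return -1;
    return rows[1][1];
}
```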

Remediation

Update to version 7.2.4.

External links