This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Mitre Description references "PHP 5.6 through 5.2.6" -- however research to the changelog for PHP 5 does not reflect a 5.6 release
"Those issues are fixed by the recent php-4.4.9 release, but they affect
php-5.2.6 as well and the fixes are not part of any released version in
case of 5.2."
CVSS v2.0 Severity and Metrics:
Access Vector (AV):
Access Complexity (AC):
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service