CVE-2013-7226
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
We have discovered 1,071,915 live websites that are affected by CVE-2013-7226.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 1,071,915 live websites (12.28% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 171 versions ( 31.26% of all versions) |
Details
- Published - Feb 18, 2014
- Updated - Aug 6, 2024
CVE References
CVE-2013-7226 usage by Country
 United States | 270,673 websites |
 Russia | 116,652 websites |
 Taiwan | 108,648 websites |
 Germany | 80,665 websites |
 Japan | 68,663 websites |
 France | 65,348 websites |
 Netherlands | 42,316 websites |
 China | 38,198 websites |
 Korea, South | 20,870 websites |
CVE-2013-7226 usage by TLD
| .com | 470,381 websites |
| .ru | 102,198 websites |
| .de | 62,019 websites |
| .net | 43,067 websites |
| .nl | 29,066 websites |
| .org | 26,481 websites |
| .fr | 22,165 websites |
| .jp | 18,877 websites |
| .info | 14,889 websites |
| .cz | 13,802 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2013-7226
Top websites that are affected by CVE-2013-7226. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| ************.***.ar |  Argentina | *,*** | |
| ******************.com | United States | *,*** | |
| ***.org | United States | *,*** | |
| ****.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| *******.org | United States | *,*** | |
| ****.***********.de | Germany | *,*** | |
| *************.com |  GB | *,*** |
FAQ
A total of 1,071,915 websites have been identified as vulnerable to CVE-2013-7226, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2013-7226 vulnerability.
PHP versions before 5.5.9 are vulnerable to CVE-2013-7226.
Version 5.5.9 of PHP addresses the CVE-2013-7226 security vulnerability.
References
- http://secunia.com/advisories/56829
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=8f4a5373bb71590352fd934028d6dde5bc18530b
- http://www.securityfocus.com/bid/65533
- https://bugzilla.redhat.com/show_bug.cgi?id=1065108
- https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:027
- http://www.php.net/ChangeLog-5.php
- http://www.securitytracker.com/id/1029767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91099
- http://www.ubuntu.com/usn/USN-2126-1
- https://bugs.php.net/bug.php?id=66356