PHP GD Extension Freed Resource Access Code Execution Vulnerability

PHP GD Extension Freed Resource Access Code Execution Vulnerability

PHP is prone to a locally exploitable arbitrary-code-execution vulnerability. This issue stems from a design error.

This issue affects functions from the GD extension. An attacker can execute arbitrary code by gaining access to freed memory and overwriting it with malicious data.

The researcher responsible for discovering this issue has indicated that other extensions may be vulnerable to this attack as well, but this has not been confirmed.

This issue affects PHP 4.x (4.4.6 and prior) as well as 5.x (5.2.1 and prior).