Philip Olausson

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.8 PHP versions prior to 5.2.4 Description: The issue allows remote attackers to bypass safe mode and open basedir restrictions in PHP via MySQL LOCAL INFILE operations. This can be achieved by a query with LOAD DATA LOCAL INFILE. Recommendations: For PHP versions prior to 4.4.8, update to version 4.4.8 or later to resolve the issue. For PHP versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libgd2-xpm-dev versions prior to 5.2.4 libgd2-noxpm versions prior to 5.2.4 libgd2-noxpm-dev versions prior to 5.2.4 libgd2-xpm versions prior to 5.2.4 **Description** The issue involves multiple integer overflows in the libgd library, which can lead to a denial of service (application crash) and possibly allow remote attackers to execute arbitrary code. This can be achieved by providing a large value to certain functions, such as `gdImageCopyResized`, `gdImageCreate`, or `gdImageCreateTrueColor`. The vulnerability can be exploited remotely, potentially disrupting the confidentiality, integrity, and availability of protected information. **Recommendations** For libgd2-xpm-dev versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. For libgd2-noxpm versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. For libgd2-noxpm-dev versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. For libgd2-xpm versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions, such as `gdImageCopyResized`, `gdImageCreate`, or `gdImageCreateTrueColor`, until a patch is available.