PT-2014-4434 · Php · Php

Published: 2014-02-18 · Updated: 2014-03-08 · CVE-2014-2020
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions 5.5.x before 5.5.9

Description

The issue allows remote attackers to obtain sensitive information by using incorrect data types, such as a string or array in place of a numeric data type. This can be demonstrated by an imagecrop function call with a string for the x dimension value.

Recommendations

For PHP versions 5.5.x before 5.5.9, update to version 5.5.9 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input to ensure correct data types are used, especially for functions like imagecrop that expect numeric values.
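
One way to apply the temporary workaround, as an added example that is not part of the original advisory or of PHP itself: every field of the crop rectangle is checked to be an integer inside the source image before imagecrop is called. The helper name safe_crop_rect and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: type-check a crop rectangle before it reaches imagecrop().
// safe_crop_rect() is a hypothetical helper, not a PHP built-in.

/**
 * Returns an array of four ints suitable for imagecrop(), or null if any
 * field is missing, is not an integer, or falls outside the source image.
 */
function safe_crop_rect(array $input, $imgWidth, $imgHeight)
{
    $rect = array();
    foreach (array('x', 'y', 'width', 'height') as $key) {
        if (!isset($input[$key])) {
            return null;
        }
        // FILTER_VALIDATE_INT returns false for arrays and for non-integer
        // strings such as "a" or "12abc"; accepted values come back as int.
        $min = ($key === 'width' || $key === 'height') ? 1 : 0;
        $value = filter_var($input[$key], FILTER_VALIDATE_INT,
            array('options' => array('min_range' => $min)));
        if ($value === false) {
            return null;
        }
        $rect[$key] = $value;
    }
    // Keep the rectangle inside the source image.
    if ($rect['x'] >= $imgWidth || $rect['y'] >= $imgHeight
        || $rect['width'] > $imgWidth - $rect['x']
        || $rect['height'] > $imgHeight - $rect['y']) {
        return null;
    }
    return $rect;
}

// Constructed sample inputs, standing in for request parameters.
$img = imagecreatetruecolor(100, 80);
$samples = array(
    array('x' => '10', 'y' => '5', 'width' => '40', 'height' => '30'), // valid
    array('x' => 'a', 'y' => 0, 'width' => 10, 'height' => 10),        // string
    array('x' => array(1), 'y' => 0, 'width' => 10, 'height' => 10),   // array
    array('x' => 90, 'y' => 0, 'width' => 20, 'height' => 10),         // out of bounds
);
foreach ($samples as $i => $sample) {
    $rect = safe_crop_rect($sample, imagesx($img), imagesy($img));
    $ok = $rect !== null && imagecrop($img, $rect) !== false;
    echo "sample $i: ", $ok ? "cropped" : "rejected", "\n";
}
```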

Related Identifiers

CVE-2014-2020

Affected Products

Php