Note: getimagesize() doesn't attempt to validate image file formats.
It is possible for malformed GIF images to contain PHP and still have valid dimensions.
Programmers need to ensure such images are validated by other tools, or never treated as PHP or other executable types (enforcing appropriate extensions, avoiding user controlled renaming, restricting uploaded images to areas of the website where PHP is not enabled).
http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/
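One way to apply the advice above, as an added example that is not part of the original note: decode the upload with GD and re-encode it, so that only pixel data is kept, then store it under a server-chosen name with a fixed extension. The function name `reencode_upload`, the size limit, the constructed marker string and the commented-out storage path are assumptions, and the GD extension is assumed to be loaded.

```php
<?php
// Added example. Names, limits and paths here are illustrative assumptions.

/**
 * Decode untrusted image bytes and re-encode them with GD so that only pixel
 * data survives. Returns [cleanBytes, extension], or null when rejected.
 */
function reencode_upload(string $raw): ?array
{
    // Extension is chosen from the detected type, never from the client's filename.
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg'];

    // getimagesize*() only reads the header: use it for type and size, not validation.
    $info = @getimagesizefromstring($raw);
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    if ($info[0] > 4096 || $info[1] > 4096) {
        return null; // bound the memory GD needs to decode (assumed limit)
    }

    // A full decode rejects files that only carry a plausible header.
    $img = @imagecreatefromstring($raw);
    if ($img === false) {
        return null;
    }

    ob_start();
    switch ($info[2]) {
        case IMAGETYPE_GIF: imagegif($img); break;
        case IMAGETYPE_PNG: imagesavealpha($img, true); imagepng($img); break;
        default:            imagejpeg($img, null, 90);
    }
    return [ob_get_clean(), $allowed[$info[2]]];
}

// Constructed sample: a real 2x2 GIF with an inert PHP-tagged marker appended.
$canvas = imagecreate(2, 2);
imagecolorallocate($canvas, 255, 255, 255);
ob_start();
imagegif($canvas);
$marker = '<?php /* constructed marker */ ?>';
$upload = ob_get_clean() . $marker;

var_dump(getimagesizefromstring($upload) !== false); // does the header still parse?
[$clean, $ext] = reencode_upload($upload);
var_dump(strpos($clean, $marker) === false);         // is the marker gone after re-encoding?

// Server-generated name; write it to a directory where PHP is not executed.
$name = bin2hex(random_bytes(16)) . '.' . $ext;
// file_put_contents('/srv/uploads-no-php/' . $name, $clean); // hypothetical path
```

Re-encoding complements the storage measures listed in the note and does not replace them: the fixed extension and a non-executing upload directory still apply.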