An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code.
https://bugs.php.net/bug.php?id=73003 https://github.com/libgd/libgd/issues/308 http://seclists.org/oss-sec/2016/q3/639