CVE-2015-8877

Published: 22/05/2016 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) prior to 2.2.0, as used in PHP prior to 5.6.12, uses inconsistent allocate and free approaches, which allows remote malicious users to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

Vulnerable Product

libgd libgd

php php

Vendor Advisories

Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Mo ...
The GD library could be made to crash or run programs if it processed a specially crafted image file ...
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function ...