CVE-2016-7568

Published: 28/09/2016 Updated: 07/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) up to and including 2.2.3, as used in PHP up to and including 7.0.11, allows remote malicious users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Vulnerable Product

libgd libgd

php php

debian debian linux 8.0

Vendor Advisories

The GD library could be made to crash or run programs if it processed a specially crafted image file ...
Debian Bug report logs - #840806 libgd2: CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr() Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 15 Oct 2016 05:09:05 UTC Severity: grave Tags: patch, security, up ...
Debian Bug report logs - #839659 libgd2: CVE-2016-7568: Integer overflow in gdImageWebpCtx Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 3 Oct 2016 15:27:02 UTC Severity: grave Tags: fixed-upstream, patch, secu ...
Debian Bug report logs - #840805 libgd2: CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 15 Oct 2016 05:03:01 UTC Severity: grave Tags: security, upstream ...
An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code ...