Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) up to and including 2.2.3, as used in PHP prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libgd libgd |