Published: 04/01/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) up to and including 2.2.3, as used in PHP prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libgd libgd

The GD library could be made to crash or run programs if it processed a specially crafted image file ...

Debian Bug report logs - #839659 libgd2: CVE-2016-7568: Integer overflow in gdImageWebpCtx Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 3 Oct 2016 15:27:02 UTC Severity: grave Tags: fixed-upstream, patch, secu ...

Debian Bug report logs - #840806 libgd2: CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr() Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 15 Oct 2016 05:09:05 UTC Severity: grave Tags: patch, security, up ...

Debian Bug report logs - #840805 libgd2: CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 15 Oct 2016 05:03:01 UTC Severity: grave Tags: security, upstream ...

A vulnerability was found in gd Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy() An attacker could create a crafted image that would lead to a crash or, potentially, code execution (CVE-2016-8670) Use-after-free vulnera ...

Integer signedness error in the dynamicGetbuf function in gd_io_dpc in the GD Graphics Library (aka libgd) through 223, as used in PHP before 5628 and 7x before 7013, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call ...

A vulnerability was found in gd Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy() An attacker could create a crafted image that would lead to a crash or, potentially, code execution ...

CWE-119 https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 https://bugs.php.net/bug.php?id=73280 http://www.php.net/ChangeLog-7.php http://www.php.net/ChangeLog-5.php http://www.openwall.com/lists/oss-security/2016/10/15/1 http://www.securityfocus.com/bid/93594 http://www.debian.org/security/2016/dsa-3693 https://support.f5.com/csp/article/K21336065?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/3117-1/https://nvd.nist.gov

CVE-2016-8670

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect