CVE-2016-9933

Published: 04/01/2017 Updated: 04/05/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) prior to 2.2.2, as used in PHP prior to 5.6.28 and 7.x prior to 7.0.13, allows remote malicious users to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Vulnerable Product

libgd libgd 2.2.1

Vendor Advisories

Synopsis: Moderate: rh-php70-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php70-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Debian Bug report logs - #849038 libgd2: CVE-2016-9933: imagefilltoborder stackoverflow on truecolor images. Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Balint Reczey <balint@balintreczey.hu>; Date: Thu, 22 Dec 2016 02:33:02 UTC; Severity: serious; Tags: fixed-upstream, se ...
The GD library could be made to crash or run programs if it processed a specially crafted image file ...
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data (CVE-2016-7480). Use-after-free vulnerability in the CURLFile implement ...
A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution (CVE-2016-8670). Use-after-free vulnera ...
An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP applicat ...
Stack consumption vulnerability has been discovered in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative co ...