Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8877

Опубликовано: 22 мая 2016
Источник: debian
EPSS Низкий

Описание

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libgd2fixed2.2.1-1package
libgd2not-affectedwheezypackage
php5fixed5.6.12+dfsg-1package
php5fixed5.6.12+dfsg-0+deb8u1jessiepackage
php7.0fixed7.0.0-1package

Примечания

  • https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24 (gd-2.2.0)

  • https://github.com/libgd/libgd/issues/173

  • PHP bug: https://bugs.php.net/bug.php?id=70064

  • Fixed in PHP 5.6.12, 7.0.0

  • Starting with 5.4.0-1 Debian uses the system copy of libgd

EPSS

Процентиль: 84%
0.0231
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-8877

CVSS3: 7.5
ubuntu
около 9 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

redhat логотип

CVE-2015-8877

redhat
почти 10 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

nvd логотип

CVE-2015-8877

CVSS3: 7.5
nvd
около 9 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

github логотип

GHSA-pw83-9cfw-pfm6

CVSS3: 7.5
github
около 3 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

fstec логотип

BDU:2016-01473

fstec
около 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 84%
0.0231
Низкий