CVE-2016-10167

Опубликовано: 15 мар. 2017

Источник: debian

EPSS Низкий

Описание

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
php7.1	fixed	7.1.1-1		package
php7.0	fixed	7.0.15-1		package
php5	removed			package
php5	fixed	5.6.30+dfsg-0+deb8u1	jessie	package
libgd2	fixed	2.2.4-1		package

Примечания

PHP Bug: https://bugs.php.net/bug.php?id=73868
Fixed in PHP 7.1.1, 7.0.15, 5.6.30
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
https://www.openwall.com/lists/oss-security/2017/01/26/1

EPSS

Процентиль: 76%

0.00975

Низкий

Связанные уязвимости

CVE-2016-10167

CVSS3: 5.5

ubuntu

больше 8 лет назад

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

CVE-2016-10167

CVSS3: 5.3

redhat

около 9 лет назад

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

CVE-2016-10167

CVSS3: 5.5

nvd

больше 8 лет назад

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

GHSA-v5rm-77g4-wp7f

CVSS3: 5.5

github

больше 3 лет назад

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

BDU:2017-00762

fstec

больше 8 лет назад

Уязвимость графической библиотеки GD Graphics Library, позволяющая нарушителю оказать неопределенное воздействие

EPSS

Процентиль: 76%

0.00975

Низкий