Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-9933

Опубликовано: 04 янв. 2017
Источник: debian
EPSS Низкий

Описание

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libgd2fixed2.2.2-29-g3c2b605-1package
php7.0fixed7.0.13-1package
php5removedpackage

Примечания

  • This problem could be seen as a programmer fault but the fix is easy and

  • the effect is rather dramatic so it should be fixed anyway.

  • https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)

  • Scope of CVE is only the missing "color < 0" test in older versions.

  • GD release info: https://libgd.github.io/release-2.2.2.html

  • Fixed in PHP 5.6.28, 7.0.13 and 7.1.0

  • PHP Bug: https://bugs.php.net/bug.php?id=72696

  • Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1

  • Starting with 5.4.0-1 Debian uses the system copy of libgd

  • https://www.openwall.com/lists/oss-security/2016/12/12/2

EPSS

Процентиль: 90%
0.05329
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-9933

CVSS3: 7.5
ubuntu
больше 8 лет назад

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

redhat логотип

CVE-2016-9933

CVSS3: 3.3
redhat
больше 8 лет назад

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

nvd логотип

CVE-2016-9933

CVSS3: 7.5
nvd
больше 8 лет назад

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

suse-cvrf логотип

openSUSE-SU-2017:0006-1

suse-cvrf
больше 8 лет назад

Security update for gd

suse-cvrf логотип

SUSE-SU-2016:3251-1

suse-cvrf
больше 8 лет назад

Security update for gd

EPSS

Процентиль: 90%
0.05329
Низкий