CVE-2016-6128

Опубликовано: 27 июн. 2016

Источник: redhat

CVSS3: 3.7

CVSS2: 4.3

Описание

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

It was found that libgd did not properly handle invalid color indexes in GD files. An attacker who could submit a crafted GD file for conversion could cause applications using libgd to crash, leading to denial of service.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	gd	Not affected
Red Hat Enterprise Linux 5	libwmf	Not affected
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 5	php53	Not affected
Red Hat Enterprise Linux 6	gd	Not affected
Red Hat Enterprise Linux 6	libwmf	Not affected
Red Hat Enterprise Linux 6	php	Not affected
Red Hat Enterprise Linux 7	gd	Not affected
Red Hat Enterprise Linux 7	libwmf	Not affected
Red Hat Enterprise Linux 7	php	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1351603gd: Invalid color index not properly handled

3.7 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-6128

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2016-6128

CVSS3: 7.5

nvd

почти 9 лет назад

CVE-2016-6128

CVSS3: 7.5

debian

почти 9 лет назад

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ...

GHSA-x3xg-pxf8-v7j9

CVSS3: 7.5

github

около 3 лет назад

openSUSE-SU-2016:2363-1

suse-cvrf

почти 9 лет назад

Security update for gd

3.7 Low

CVSS3

4.3 Medium

CVSS2