Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7568

Опубликовано: 02 сент. 2016
Источник: redhat
CVSS3: 7.1
CVSS2: 6
EPSS Низкий

Описание

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5gdNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6gdNot affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7gdNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat OpenShift Enterprise 2gdNot affected
Red Hat OpenShift Enterprise 2phpNot affected
Red Hat Software Collectionsphp54-phpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1380450php: Integer overflow in gdImageWebpCtx

EPSS

Процентиль: 77%
0.01057
Низкий

7.1 High

CVSS3

6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7568

CVSS3: 9.8
ubuntu
почти 9 лет назад

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

nvd логотип

CVE-2016-7568

CVSS3: 9.8
nvd
почти 9 лет назад

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

debian логотип

CVE-2016-7568

CVSS3: 9.8
debian
почти 9 лет назад

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...

github логотип

GHSA-fphp-jmfp-4vj9

CVSS3: 9.8
github
около 3 лет назад

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

fstec логотип

BDU:2022-02406

CVSS3: 9.8
fstec
почти 9 лет назад

Уязвимость функции gdimagewebpctx графической библиотеки GD Graphics Library, интерпретатора языка программирования PHP , позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 77%
0.01057
Низкий

7.1 High

CVSS3

6 Medium

CVSS2