CVE-2016-8670

Published: 10 Oct 2016
Source: redhat
CVSS3: 8.1
CVSS2: 5.1
EPSS: Low

Description

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gd | Will not fix | | |
| Red Hat Enterprise Linux 5 | php | Will not fix | | |
| Red Hat Enterprise Linux 5 | php53 | Will not fix | | |
| Red Hat Enterprise Linux 6 | gd | Will not fix | | |
| Red Hat Enterprise Linux 6 | php | Will not fix | | |
| Red Hat Enterprise Linux 7 | gd | Will not fix | | |
| Red Hat Enterprise Linux 7 | php | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | gd | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | php | Will not fix | | |
| Red Hat Software Collections | rh-php56-php | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1391068 php: Stack based buffer overflow in dynamicGetbuf

EPSS

Percentile: 82%
0.01746
Low

CVSS3: 8.1 High
CVSS2: 5.1 Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 8 years ago

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

CVSS3: 9.8
nvd
more than 8 years ago

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

CVSS3: 9.8
debian
more than 8 years ago

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...

CVSS3: 9.8
github
about 3 years ago

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

fstec
more than 8 years ago

Vulnerability in the dynamicGetbuf function in gd_io_dp.c of the GD Graphics Library that allows an attacker to cause a denial of service or have other impact