Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9933

Опубликовано: 08 дек. 2016
Источник: redhat
CVSS3: 3.3
CVSS2: 4.3
EPSS Средний

Описание

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP application, causing a Denial of Service.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5gdWill not fix
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6gdWill not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7gdWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat OpenShift Enterprise 2gdWill not fix
Red Hat OpenShift Enterprise 2phpWill not fix
Red Hat Software Collectionsrh-php56-phpWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1404723gd: Stack overflow in gdImageFillToBorder on truecolor images

EPSS

Процентиль: 93%
0.11233
Средний

3.3 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9933

CVSS3: 7.5
ubuntu
больше 8 лет назад

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

nvd логотип

CVE-2016-9933

CVSS3: 7.5
nvd
больше 8 лет назад

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

debian логотип

CVE-2016-9933

CVSS3: 7.5
debian
больше 8 лет назад

Stack consumption vulnerability in the gdImageFillToBorder function in ...

suse-cvrf логотип

openSUSE-SU-2017:0006-1

suse-cvrf
больше 8 лет назад

Security update for gd

suse-cvrf логотип

SUSE-SU-2016:3251-1

suse-cvrf
больше 8 лет назад

Security update for gd

EPSS

Процентиль: 93%
0.11233
Средний

3.3 Low

CVSS3

4.3 Medium

CVSS2