CVE-2016-9933
Published: 4 January 2017
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Notes
| Author | Note |
|---|---|
| mdeslaur | php uses the system libgd2 |
Priority
Status
| Package | Release | Status |
|---|---|---|
| libgd2 | precise | Released (2.0.36~rc1~dfsg-6ubuntu2.4) |
| libgd2 | trusty | Released (2.1.0-3ubuntu0.6) |
| libgd2 | upstream | Released (2.2.2) |
| libgd2 | xenial | Released (2.1.1-4ubuntu0.16.04.6) |
| libgd2 | yakkety | Released (2.2.1-1ubuntu3.3) |
| php5 | precise | Not vulnerable (uses system gd) |
| php5 | trusty | Not vulnerable (uses system gd) |
| php5 | upstream | Needs triage |
| php5 | xenial | Does not exist |
| php5 | yakkety | Does not exist |
| php7.0 | precise | Does not exist |
| php7.0 | trusty | Does not exist |
| php7.0 | upstream | Needs triage |
| php7.0 | xenial | Not vulnerable (uses system gd) |
| php7.0 | yakkety | Not vulnerable (uses system gd) |

Patches (libgd2): upstream: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |