CVE-2016-9933
Published: 4 January 2017
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Notes
| Author | Note |
|---|---|
| mdeslaur | php uses the system libgd2 |
Priority
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
libgd2 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.2.2)
|
| precise |
Released
(2.0.36~rc1~dfsg-6ubuntu2.4)
|
|
| trusty |
Released
(2.1.0-3ubuntu0.6)
|
|
| xenial |
Released
(2.1.1-4ubuntu0.16.04.6)
|
|
| yakkety |
Released
(2.2.1-1ubuntu3.3)
|
|
|
Patches: upstream: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e |
||
|
php5 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| precise |
Not vulnerable
(uses system gd)
|
|
| trusty |
Not vulnerable
(uses system gd)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
|
php7.0 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(uses system gd)
|
|
| yakkety |
Not vulnerable
(uses system gd)
|
|