Vulnerability Details : CVE-2016-8670
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-8670
Probability of exploitation activity in the next 30 days: 3.87%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-8670
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-8670
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8670
-
http://www.openwall.com/lists/oss-security/2016/10/15/1
oss-security - CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbufThird Party Advisory
-
https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
Avoid potentially dangerous signed to unsigned conversion · libgd/libgd@5311087 · GitHubVendor Advisory
-
http://www.debian.org/security/2016/dsa-3693
Debian -- Security Information -- DSA-3693-1 libgd2
-
https://support.f5.com/csp/article/K21336065?utm_source=f5support&utm_medium=RSS
GD Graphics Library vulnerability CVE-2016-8670
-
http://www.securityfocus.com/bid/93594
PHP LibGD CVE-2016-8670 Stack Buffer Overflow Vulnerability
-
http://www.php.net/ChangeLog-7.php
PHP: PHP 7 ChangeLogRelease Notes;Vendor Advisory
-
https://bugs.php.net/bug.php?id=73280
PHP :: Bug #73280 :: Stack Buffer Overflow in GD dynamicGetbufVendor Advisory
-
http://www.php.net/ChangeLog-5.php
PHP: PHP 5 ChangeLogRelease Notes;Vendor Advisory
Products affected by CVE-2016-8670
- cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*