Vulnerability Details : CVE-2016-6128
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-6128
Probability of exploitation activity in the next 30 days: 3.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-6128
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6128
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6128
-
http://www.securitytracker.com/id/1036276
GD Library gdImageCropThreshold() Out-of-Bounds Memory Read Error Lets Remote Users Cause the Target Application to Crash - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201612-09
GD: Multiple vulnerabilities (GLSA 201612-09) — Gentoo securityThird Party Advisory
-
http://www.debian.org/security/2016/dsa-3619
Debian -- Security Information -- DSA-3619-1 libgd2Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/30/1
oss-security - Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)Mailing List;Third Party Advisory
-
https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61
fix php 72494, invalid color index not handled, can lead to crash · libgd/libgd@1ccfe21 · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96
fix php 72494, invalid color index not handled, can lead to crash · libgd/libgd@6ff72ae · GitHubIssue Tracking;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
openSUSE-SU-2016:2117-1: moderate: Security update for gdMailing List;Third Party Advisory
-
https://libgd.github.io/release-2.2.3.html
LibGD 2.2.3 releaseRelease Notes;Third Party Advisory
-
http://www.securityfocus.com/bid/91509
libgd CVE-2016-6128 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://bugs.php.net/72494
PHP :: Sec Bug #72494 :: imagecropauto out-of-bounds accessIssue Tracking;Permissions Required
-
http://www.ubuntu.com/usn/USN-3030-1
USN-3030-1: GD library vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2750.html
RHSA-2016:2750 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
openSUSE-SU-2016:2363-1: moderate: Security update for gdMailing List;Third Party Advisory
Products affected by CVE-2016-6128
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*