Vulnerability Details : CVE-2016-7568
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
Vulnerability category: Overflow; Denial of service
Products affected by CVE-2016-7568
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-7568
Top countries where our scanners detected CVE-2016-7568 (map data not recovered)
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2016-7568: 51,027
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-7568
EPSS score: 1.10% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~82% (the proportion of vulnerabilities that are scored at or below this one)
EPSS Score History (chart not recovered)
CVSS scores for CVE-2016-7568
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-7568
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7568
- https://github.com/libgd/libgd/issues/308 : CVE-2016-7568 Integer Overflow in gdImageWebpCtx · Issue #308 · libgd/libgd · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/201612-09 : GD: Multiple vulnerabilities (GLSA 201612-09) — Gentoo security (Third Party Advisory)
- https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03 : Merge branch 'pull-request/296' · libgd/libgd@40bec0f · GitHub (Issue Tracking; Patch; Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3693 : Debian -- Security Information -- DSA-3693-1 libgd2 (Third Party Advisory)
- http://www.securityfocus.com/bid/93184 : libgd 'gd_webp.c' Integer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6 : Merge branch 'PHP-5.6' into PHP-7.0 · php/php-src@c18263e · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://bugs.php.net/bug.php?id=73003 : PHP :: Sec Bug #73003 :: Integer Overflow in gdImageWebpCtx of gd_webp.c (Issue Tracking; Vendor Advisory)