Vulnerability Details : CVE-2016-9933
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-9933
- cpe:2.3:a:libgd:libgd:2.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9933
- 13.57%: Probability of exploitation activity in the next 30 days
- ~95%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9933
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2016-9933
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9933
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
  openSUSE-SU-2017:0006-1: moderate: Security update for gd
- http://www.debian.org/security/2017/dsa-3751
  Debian -- Security Information -- DSA-3751-1 libgd2
- https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
  Fix #72696: imagefilltoborder stackoverflow on truecolor images · php/php-src@863d37e · GitHub (Vendor Advisory)
- http://www.securityfocus.com/bid/94865
  PHP 'src/gd.c' Denial of Service Vulnerability
- https://github.com/libgd/libgd/issues/215
  gdImageFillToBorder stack-overflow when invalid color is used · Issue #215 · libgd/libgd · GitHub (Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
  openSUSE-SU-2016:3228-1: moderate: Security update for gd
- https://access.redhat.com/errata/RHSA-2018:1296
  RHSA-2018:1296 - Security Advisory - Red Hat Customer Portal
- http://www.openwall.com/lists/oss-security/2016/12/12/2
  oss-security - CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
  openSUSE-SU-2017:0061-1: moderate: Security update for php7
- https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
  fix #215 gdImageFillToBorder stack-overflow when invalid color is used · libgd/libgd@77f619d · GitHub (Patch; Vendor Advisory)
- http://www.php.net/ChangeLog-7.php
  PHP: PHP 7 ChangeLog (Release Notes; Vendor Advisory)
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog (Release Notes; Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
  openSUSE-SU-2016:3239-1: moderate: Security update for php5
- https://bugs.php.net/bug.php?id=72696
  PHP :: Sec Bug #72696 :: imagefilltoborder stackoverflow on truecolor images (Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
  openSUSE-SU-2017:0081-1: moderate: Security update for php5