CVE-2016-7568

EUVD-2016-8421
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
libgdlibgd
𝑥
≤ 2.2.3
phpphp
5.6.0 ≤
𝑥
≤ 5.6.26
phpphp
7.0.0 ≤
𝑥
≤ 7.0.11
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgd2
bookworm
2.3.3-9
fixed
bullseye
2.3.0-2
fixed
sid
2.3.3-12
fixed
trixie
2.3.3-12
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
precise
not-affected
trusty
Fixed 2.1.0-3ubuntu0.5
released
xenial
Fixed 2.1.1-4ubuntu0.16.04.5
released
yakkety
Fixed 2.2.1-1ubuntu3.2
released
php5
precise
not-affected
trusty
not-affected
xenial
dne
yakkety
dne
php7.0
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3693
http://www.securityfocus.com/bid/93184
https://bugs.php.net/bug.php?id=73003
https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
https://github.com/libgd/libgd/issues/308
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
https://security.gentoo.org/glsa/201612-09
http://www.debian.org/security/2016/dsa-3693
http://www.securityfocus.com/bid/93184
https://bugs.php.net/bug.php?id=73003
https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
https://github.com/libgd/libgd/issues/308
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
https://security.gentoo.org/glsa/201612-09