CVE-2016-9933

EUVD-2016-10720
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
libgdlibgd
2.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgd2
bookworm
2.3.3-9
fixed
bullseye
2.3.0-2
fixed
sid
2.3.3-12
fixed
trixie
2.3.3-12
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
precise
Fixed 2.0.36~rc1~dfsg-6ubuntu2.4
released
trusty
Fixed 2.1.0-3ubuntu0.6
released
xenial
Fixed 2.1.1-4ubuntu0.16.04.6
released
yakkety
Fixed 2.2.1-1ubuntu3.3
released
php5
precise
not-affected
trusty
not-affected
xenial
dne
yakkety
dne
php7.0
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
http://www.debian.org/security/2017/dsa-3751
http://www.openwall.com/lists/oss-security/2016/12/12/2
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/94865
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=72696
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
https://github.com/libgd/libgd/issues/215
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
http://www.debian.org/security/2017/dsa-3751
http://www.openwall.com/lists/oss-security/2016/12/12/2
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/94865
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=72696
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
https://github.com/libgd/libgd/issues/215
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1