CVE-2016-9933

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
libgdlibgd
2.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgd2
bullseye
2.3.0-2
fixed
bookworm
2.3.3-9
fixed
sid
2.3.3-12
fixed
trixie
2.3.3-12
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
yakkety
Fixed 2.2.1-1ubuntu3.3
released
xenial
Fixed 2.1.1-4ubuntu0.16.04.6
released
trusty
Fixed 2.1.0-3ubuntu0.6
released
precise
Fixed 2.0.36~rc1~dfsg-6ubuntu2.4
released
php5
yakkety
dne
xenial
dne
trusty
not-affected
precise
not-affected
php7.0
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
http://www.debian.org/security/2017/dsa-3751
http://www.openwall.com/lists/oss-security/2016/12/12/2
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/94865
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=72696
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
https://github.com/libgd/libgd/issues/215
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
http://www.debian.org/security/2017/dsa-3751
http://www.openwall.com/lists/oss-security/2016/12/12/2
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/94865
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=72696
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
https://github.com/libgd/libgd/issues/215
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1