[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-9933Date: (C)2017-01-10   (M)2024-04-17


Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
BID-94865
DSA-3751
RHSA-2018:1296
http://www.openwall.com/lists/oss-security/2016/12/12/2
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=72696
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
https://github.com/libgd/libgd/issues/215
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
openSUSE-SU-2016:3228
openSUSE-SU-2016:3239
openSUSE-SU-2017:0006
openSUSE-SU-2017:0061
openSUSE-SU-2017:0081

CPE    4
cpe:/a:php:php
cpe:/a:libgd:libgd:2.2.1
cpe:/a:php:php:7.0.0
cpe:/a:php:php:7.0.1
...
CWE    1
CWE-119
OVAL    13
oval:org.secpod.oval:def:89045123
oval:org.secpod.oval:def:89045174
oval:org.secpod.oval:def:39117
oval:org.secpod.oval:def:89044653
...

© SecPod Technologies