CVE-2016-6128

Published: Aug 7, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:2117

vendor-advisory

x_refsource_SUSE

[oss-security] 20160629 Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)

mailing-list

x_refsource_MLIST

91509

vdb-entry

x_refsource_BID

https://libgd.github.io/release-2.2.3.html

x_refsource_CONFIRM

https://bugs.php.net/72494

x_refsource_CONFIRM

openSUSE-SU-2016:2363

vendor-advisory

x_refsource_SUSE

RHSA-2016:2750

vendor-advisory

x_refsource_REDHAT

1036276

vdb-entry

x_refsource_SECTRACK

https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96

x_refsource_CONFIRM

GLSA-201612-09

vendor-advisory

x_refsource_GENTOO

DSA-3619

vendor-advisory

x_refsource_DEBIAN

USN-3030-1

vendor-advisory

x_refsource_UBUNTU

https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6128

Description

Affected Products

References