QwikSec

Security Database

CVE

CWE

Training

CVE-2016-9933

Published: Jan 4, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

mailing-list

x_refsource_MLIST

openSUSE-SU-2016:3228

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2017:0081

vendor-advisory

x_refsource_SUSE

http://www.php.net/ChangeLog-7.php

x_refsource_CONFIRM

openSUSE-SU-2017:0006

vendor-advisory

x_refsource_SUSE

https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

http://www.php.net/ChangeLog-5.php

x_refsource_CONFIRM

https://bugs.php.net/bug.php?id=72696

x_refsource_CONFIRM

openSUSE-SU-2017:0061

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:3239

vendor-advisory

x_refsource_SUSE

https://github.com/libgd/libgd/issues/215

x_refsource_CONFIRM

https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.