CVE-2016-8670

Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.2.4 PHP versions prior to 5.6.28 and 7.x prior to 7.0.13

Description The issue is caused by an integer signedness error in the dynamicGetbuf function in gd io dp.c of the GD Graphics Library. This error leads to a stack-based buffer overflow. Exploitation of this issue may allow a remote attacker to cause a denial of service or possibly have other unspecified impacts via a specially crafted imagecreatefromstring call.

Recommendations For GD Graphics Library versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. For PHP versions prior to 5.6.28, update to version 5.6.28 or later to resolve the issue. For PHP 7.x versions prior to 7.0.13, update to version 7.0.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the imagecreatefromstring function until a patch is available.