PT-2016-6676 · Libgd+5 · Gd Graphics Library+5

Gogil

Publicado

2016-07-05

Atualizado

2018-01-05

CVE-2016-5767

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.0.34RC1 PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8

Description The issue is related to an integer overflow in the gdImageCreate function, which can be exploited by remote attackers using crafted image dimensions. This can lead to a denial of service, causing a heap-based buffer overflow and application crash, or possibly have other unspecified impacts.

Recommendations For GD Graphics Library versions prior to 2.0.34RC1, update to version 2.0.34RC1 or later. For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CESA-2016_2598

CVE-2016-5767

MGASA-2016-0242

OPENSUSE-SU-2016_1761-1

RHSA-2016:2598

RHSA-2016:2750

RHSA-2016_2598

SUSE-SU-2016:1842-1

SUSE-SU-2016:2013-1

SUSE-SU-2016:2080-1

Produtos afetados

Centos

Fortios

Gd Graphics Library

Php

Red Hat

Suse

PT-2016-6676 · Libgd+5 · Gd Graphics Library+5

CVE-2016-5767

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 111