PT-2016-6676 · Libgd+5 · Gd Graphics Library+5

Gogil

Published

2016-07-05

Updated

2018-01-05

CVE-2016-5767

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.0.34RC1 PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8

Description The issue is related to an integer overflow in the gdImageCreate function, which can be exploited by remote attackers using crafted image dimensions. This can lead to a denial of service, causing a heap-based buffer overflow and application crash, or possibly have other unspecified impacts.

Recommendations For GD Graphics Library versions prior to 2.0.34RC1, update to version 2.0.34RC1 or later. For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CESA-2016_2598

CVE-2016-5767

MGASA-2016-0242

OPENSUSE-SU-2016_1761-1

RHSA-2016:2598

RHSA-2016:2750

RHSA-2016_2598

SUSE-SU-2016:1842-1

SUSE-SU-2016:2013-1

SUSE-SU-2016:2080-1

Affected Products

Centos

Fortios

Gd Graphics Library

Php

Red Hat

Suse

PT-2016-6676 · Libgd+5 · Gd Graphics Library+5

CVE-2016-5767

Weakness Enumeration

Related Identifiers

Affected Products

References · 111