CVE-2013-7456 — Out-of-bounds Read in Libgd

CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

7.6HIGHNVD

EPSS

1.3%

top 20.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgd2 Apple OS X EL Capitan V10.11.6 AND Security Update 2016-004 Libgd

Timeline

PublishedAug 7

Latest updateMay 14

Description

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages3 packages

▶debiandebian/libgd2< libgd2 2.1.1-1 (bookworm)

▶NVDlibgd/libgd2.1.0

▶Appleapple/os_x_el_capitan_v10.11.6_and_security_update_2016-004

🔴Vulnerability Details

GHSA

GHSA-f3c2-5v72-7m7f: gd_interpolation↗2022-05-14

▶

OSV

CVE-2013-7456: gd_interpolation↗2016-08-07

▶

OSV

libgd2 vulnerabilities↗2016-07-11

▶

📋Vendor Advisories

Apple

CVE-2013-7456: OS X El Capitan v10.11.6 and Security Update 2016-004↗2016-07-18

▶

Ubuntu

GD library vulnerabilities↗2016-07-11

▶

Red Hat

gd: incorrect boundary adjustment in _gdContributionsCalc↗2013-09-24

▶

Debian

CVE-2013-7456: libgd2 - gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used ...↗2013

▶

💬Community

Bugzilla

CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc↗2016-05-27

▶