CVE-2016-7568
published 2016-09-28CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote…
PriorityP346critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
5.10%
91.3th percentile
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | libgd2 | < libgd2 2.2.3-87-gd0fec80-1 (bookworm) | libgd2 2.2.3-87-gd0fec80-1 (bookworm) |
| libgd | libgd | <= 2.2.3 | — |
| php | php | 5.6.0 – 5.6.26 | — |
| php | php | 7.0.0 – 7.0.11 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fphp-jmfp-4vj9: Integer overflow in the gdImageWebpCtx function in gd_webp
ghsa_unreviewed·2022-05-14
CVE-2016-7568 [CRITICAL] CWE-190 GHSA-fphp-jmfp-4vj9: Integer overflow in the gdImageWebpCtx function in gd_webp
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
OSV
libgd2 vulnerabilities
osv·2016-11-01·CVSS 5.5
CVE-2016-6911 [MEDIUM] libgd2 vulnerabilities
libgd2 vulnerabilities
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)
Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)
Emmanuel Law discovered that the GD library incorrectly handled certain
strings when creating images. If a user or automated system were tricked
into p
OSV
CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp
osv·2016-09-28·CVSS 9.8
CVE-2016-7568 [CRITICAL] CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2016-11-01·CVSS 5.5
CVE-2016-6911 [MEDIUM] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)
Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)
Emmanuel Law discovered that
Red Hat
php: Integer overflow in gdImageWebpCtx
vendor_redhat·2016-09-02·CVSS 9.8
CVE-2016-7568 [CRITICAL] CWE-190 php: Integer overflow in gdImageWebpCtx
php: Integer overflow in gdImageWebpCtx
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code.
Package: gd (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: gd (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2016-7568: libgd2 - Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics ...
vendor_debian·2016·CVSS 9.8
CVE-2016-7568 [CRITICAL] CVE-2016-7568: libgd2 - Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics ...
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
Scope: local
bookworm: resolved (fixed in 2.2.3-87-gd0fec80-1)
bullseye: resolved (fixed in 2.2.3-87-gd0fec80-1)
forky: resolved (fixed in 2.2.3-87-gd0fec80-1)
sid: resolved (fixed in 2.2.3-87-gd0fec80-1)
trixie: resolved (fixed in 2.2.3-87-gd0fec80-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-7568 gd: gd, php: Integer overflow in gdImageWebpCtx [fedora-all]
bugzilla·2016-09-29·CVSS 9.8
CVE-2016-7568 [CRITICAL] CVE-2016-7568 gd: gd, php: Integer overflow in gdImageWebpCtx [fedora-all]
CVE-2016-7568 gd: gd, php: Integer overflow in gdImageWebpCtx [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fed
Bugzilla
CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx [fedora-all]
bugzilla·2016-09-29·CVSS 9.8
CVE-2016-7568 [CRITICAL] CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx [fedora-all]
CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx
bugzilla·2016-09-29·CVSS 9.8
CVE-2016-7568 [CRITICAL] CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx
CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx
An integer overflow vulnerability was found in function gdImageWebpCtx of file gd_webp.c in libgd. It could lead to heap buffer overflow. Both PHP 7.0.10 and libgd 2.2.3 were affected.
PHP bug:
https://bugs.php.net/bug.php?id=73003
PHP patch:
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
libgd bug:
https://github.com/libgd/libgd/issues/308
libgd patch:
https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
CVE assignment:
http://seclists.org/oss-sec/2016/q3/639
Discussion:
Created gd tracking bugs for this issue:
Affects: fedora-all [bug 1380453]
---
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1380452]
---
This vulnerability is only pr
http://www.debian.org/security/2016/dsa-3693http://www.securityfocus.com/bid/93184https://bugs.php.net/bug.php?id=73003https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03https://github.com/libgd/libgd/issues/308https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6https://security.gentoo.org/glsa/201612-09http://www.debian.org/security/2016/dsa-3693http://www.securityfocus.com/bid/93184https://bugs.php.net/bug.php?id=73003https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03https://github.com/libgd/libgd/issues/308https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6https://security.gentoo.org/glsa/201612-09
2016-09-28
Published