CVE-2016-7568 — Integer Overflow or Wraparound in Libgd

CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

9.8CRITICALNVD

OSV5.5

EPSS

3.4%

top 12.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgd2 Libgd PHP +1 more

Timeline

PublishedSep 28

Latest updateMay 14

Description

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/libgd2< libgd2 2.2.3-87-gd0fec80-1 (bookworm)

▶NVDlibgd/libgd2.2.3

▶NVDphp/php5.6.0 — 5.6.26+1

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-fphp-jmfp-4vj9: Integer overflow in the gdImageWebpCtx function in gd_webp↗2022-05-14

▶

OSV

libgd2 vulnerabilities↗2016-11-01

▶

OSV

CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp↗2016-09-28

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2016-11-01

▶

Red Hat

php: Integer overflow in gdImageWebpCtx↗2016-09-02

▶

Debian

CVE-2016-7568: libgd2 - Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics ...↗2016

▶

💬Community

Bugzilla

CVE-2016-7568 gd: gd, php: Integer overflow in gdImageWebpCtx [fedora-all]↗2016-09-29

▶

Bugzilla

CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx [fedora-all]↗2016-09-29

▶

Bugzilla

CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx↗2016-09-29

▶