CVE-2016-8670
published 2017-01-04
CVE-2016-8670: Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x…
Priority: P343 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.79% (90.8th percentile)
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra | — | — |
| debian | libgd2 | < libgd2 2.2.3-87-gd0fec80-1 (bookworm) | libgd2 2.2.3-87-gd0fec80-1 (bookworm) |
| libgd | libgd | <= 2.2.3 | — |
CVSS provenance
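| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |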
Apple
CVE-2016-8670: macOS Sierra 10.12.3
vendor_apple·2017-01-23·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670: macOS Sierra 10.12.3
Apple Security Update: About the security content of macOS Sierra 10.12.3
Product: macOS Sierra
Version: 10.12.3
CVE: CVE-2016-8670
Component: CVE-2016-8670
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2016-11-01·CVSS 5.5
CVE-2016-6911 [MEDIUM] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)
Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)
Emmanuel Law discovered that
Red Hat
php: Stack based buffer overflow in dynamicGetbuf
vendor_redhat·2016-10-10·CVSS 9.8
CVE-2016-8670 [CRITICAL] CWE-121 php: Stack based buffer overflow in dynamicGetbuf
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy(). An attacker could create a crafted image that would lead to a crash or, potentially, code execution.
Package: gd (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Lin
Debian
CVE-2016-8670: libgd2 - Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD G...
vendor_debian·2016·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670: libgd2 - Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD G...
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
Scope: local
bookworm: resolved (fixed in 2.2.3-87-gd0fec80-1)
bullseye: resolved (fixed in 2.2.3-87-gd0fec80-1)
forky: resolved (fixed in 2.2.3-87-gd0fec80-1)
sid: resolved (fixed in 2.2.3-87-gd0fec80-1)
trixie: resolved (fixed in 2.2.3-87-gd0fec80-1)
GHSA
GHSA-7hrm-234x-37p5: Integer signedness error in the dynamicGetbuf function in gd_io_dp
ghsa_unreviewed·2022-05-17
CVE-2016-8670 [CRITICAL] CWE-119 GHSA-7hrm-234x-37p5: Integer signedness error in the dynamicGetbuf function in gd_io_dp
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
OSV
CVE-2016-8670: Integer signedness error in the dynamicGetbuf function in gd_io_dp
osv·2017-01-04·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670: Integer signedness error in the dynamicGetbuf function in gd_io_dp
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
OSV
libgd2 vulnerabilities
osv·2016-11-01·CVSS 5.5
CVE-2016-6911 [MEDIUM] libgd2 vulnerabilities
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)
Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)
Emmanuel Law discovered that the GD library incorrectly handled certain
strings when creating images. If a user or automated system were tricked
into p
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-8670 php: gd, php: Stack based buffer overflow in dynamicGetbuf [fedora-all]
bugzilla·2016-11-04·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670 php: gd, php: Stack based buffer overflow in dynamicGetbuf [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2016-8670 gd: Stack based buffer overflow in dynamicGetbuf [fedora-all]
bugzilla·2016-11-02·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670 gd: Stack based buffer overflow in dynamicGetbuf [fedora-all]
Bugzilla
CVE-2016-8670 php: Stack based buffer overflow in dynamicGetbuf
bugzilla·2016-11-02·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670 php: Stack based buffer overflow in dynamicGetbuf
A stack-based buffer overflow was found in dynamicGetbuf when passing a negative `rlen` as the size to memcpy().
PHP bug:
https://bugs.php.net/bug.php?id=73280
GD patch:
https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
PHP patch:
https://git.php.net/?p=php-src.git;a=commit;h=cc08cbc84d46933c1e9e0149633f1ed5d19e45e9
CVE assignment:
http://www.openwall.com/lists/oss-security/2016/10/15/6
Discussion:
Created gd tracking bugs for this issue:
Affects: fedora-all [bug 1391077]
---
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1391076]
Bugzilla
CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf [fedora-all]
bugzilla·2016-11-02·CVSS 9.8
CVE-2016-8670 [CRITICAL] CVE-2016-8670 gd, php: Stack based buffer overflow in dynamicGetbuf [fedora-all]
http://www.debian.org/security/2016/dsa-3693
http://www.openwall.com/lists/oss-security/2016/10/15/1
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/93594
https://bugs.php.net/bug.php?id=73280
https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
https://support.f5.com/csp/article/K21336065?utm_source=f5support&%3Butm_medium=RSS
2017-01-04
Published