CVE-2016-9933
Published 2017-01-04
CVE-2016-9933: Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28…
Priority: P3 · 40 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 6.93% (93.3th percentile)
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra | — | — |
| debian | libgd2 | < libgd2 2.2.2-29-g3c2b605-1 (bookworm) | libgd2 2.2.2-29-g3c2b605-1 (bookworm) |
| libgd | libgd | — | — |
CVSS provenance
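| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |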
GHSA
GHSA-cmjx-gh93-h4cg: Stack consumption vulnerability in the gdImageFillToBorder function in gd
ghsa_unreviewed·2022-05-14
CVE-2016-9933 [HIGH] CWE-119 GHSA-cmjx-gh93-h4cg: Stack consumption vulnerability in the gdImageFillToBorder function in gd
OSV
libgd2 vulnerabilities
osv·2017-02-28·CVSS 9.8
CVE-2016-10166 [CRITICAL] libgd2 vulnerabilities
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an atta
OSV
CVE-2016-9933: Stack consumption vulnerability in the gdImageFillToBorder function in gd
osv·2017-01-04·CVSS 7.5
CVE-2016-9933 [HIGH] CVE-2016-9933: Stack consumption vulnerability in the gdImageFillToBorder function in gd
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2017-02-28·CVSS 9.8
CVE-2016-10166 [CRITICAL] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Apple
CVE-2016-9933: macOS Sierra 10.12.3
vendor_apple·2017-01-23·CVSS 7.5
CVE-2016-9933 [HIGH] CVE-2016-9933: macOS Sierra 10.12.3
Apple Security Update: About the security content of macOS Sierra 10.12.3
Product: macOS Sierra
Version: 10.12.3
CVE: CVE-2016-9933
Component: CVE-2016-9933
Red Hat
gd: Stack overflow in gdImageFillToBorder on truecolor images
vendor_redhat·2016-12-08·CVSS 7.5
CVE-2016-9933 [HIGH] CWE-20 gd: Stack overflow in gdImageFillToBorder on truecolor images
An infinite recursion flaw was found in the gdImageFillToBorder() function of the gd library, which is also used by PHP's imagefilltoborder() function: passing a negative integer as the color parameter triggers a stack overflow. A remote attacker able to force a negative color identifier when calling the function could crash the PHP application, causing a denial of service.
Statement:
Debian
CVE-2016-9933: libgd2 - Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in t...
vendor_debian·2016·CVSS 7.5
CVE-2016-9933 [HIGH] CVE-2016-9933: libgd2 - Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in t...
Scope: local
bookworm: resolved (fixed in 2.2.2-29-g3c2b605-1)
bullseye: resolved (fixed in 2.2.2-29-g3c2b605-1)
forky: resolved (fixed in 2.2.2-29-g3c2b605-1)
sid: resolved (fixed in 2.2.2-29-g3c2b605-1)
trixie: resolved (fixed in 2.2.2-29-g3c2b605-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2016-9936 php: various flaws [fedora-all]
bugzilla·2016-12-14·CVSS 7.5
CVE-2016-9933 [HIGH] CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2016-9936 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images
bugzilla·2016-12-14·CVSS 7.5
CVE-2016-9933 [HIGH] CVE-2016-9933 php, gd: Stack overflow in gdImageFillToBorder on truecolor images
When negative color values are passed to gdImageFillToBorder(), it can lead to infinite recursion, since the recursion termination condition will not necessarily be met.
Upstream bug:
https://bugs.php.net/bug.php?id=72696
PHP patch:
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
libgd patch:
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
CVE assignment:
http://seclists.org/oss-sec/2016/q4/658
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1404737]
---
Statement:
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future up
References
http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
http://www.debian.org/security/2017/dsa-3751
http://www.openwall.com/lists/oss-security/2016/12/12/2
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/94865
https://access.redhat.com/errata/RHSA-2018:1296
https://bugs.php.net/bug.php?id=72696
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
https://github.com/libgd/libgd/issues/215
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
Published: 2017-01-04