CVE-2016-5767

HIGH8.8EPSS 4.6%

發布日:2016/8/7修改日:2026/4/28

描述

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

受影響套件(2)

Alpine/gdfrom 0, < 2.2.2-r0
Debian/libgd2from 0, < 2.0.34~rc1-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-5767
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-5767