CVE-2016-9933
HIGH7.5EPSS 8.3%libgd2 - security update
發布日:2017/1/4修改日:2026/4/28
描述
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
受影響套件(3)
- Debian/libgd2from 0, < 2.2.2-29-g3c2b605-1
- Debian/libgd2from 0, < 2.0.36~rc1~dfsg-6.1+deb7u7
- Debian/libgd2from 0, < 2.1.0-5+deb8u8
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |