CVE-2016-6128
gd: Invalid color index not properly handled
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
La función gdImageCropThreshold en gd_crop.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un índice de color invalido.
It was found that libgd did not properly handle invalid color indexes in GD files. An attacker who could submit a crafted GD file for conversion could cause applications using libgd to crash, leading to denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-06-29 CVE Reserved
- 2016-07-11 CVE Published
- 2023-07-11 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/06/30/1 | Mailing List |
|
| http://www.securityfocus.com/bid/91509 | Third Party Advisory | |
| http://www.securitytracker.com/id/1036276 | Third Party Advisory | |
| https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96 | Issue Tracking | |
| https://libgd.github.io/release-2.2.3.html | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61 | 2020-11-16 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html | 2020-11-16 | |
| http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html | 2020-11-16 | |
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | 2020-11-16 | |
| http://www.debian.org/security/2016/dsa-3619 | 2020-11-16 | |
| http://www.ubuntu.com/usn/USN-3030-1 | 2020-11-16 | |
| https://security.gentoo.org/glsa/201612-09 | 2020-11-16 | |
| https://access.redhat.com/security/cve/CVE-2016-6128 | 2016-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1351603 | 2016-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.2 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.2" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.6.0 <= 5.6.24 Search vendor "Php" for product "Php" and version " >= 5.6.0 <= 5.6.24" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.2 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.2" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.9 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.9" | - |
Safe
|
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||