CVE-2016-7568

Gentoo Linux Security Advisory 201612-09

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Desbordamiento de entero en la función gdImageWebpCtx en gd_webp.c en la GD Graphics Library (también conocido como libgd) hasta la versión 2.2.3, tal como se utiliza en PHP hasta la versión 7.0.11, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) o tener otro posible impacto no especificado a través de llamadas imagewebp e imagedestroy manipuladas.

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-09-09 CVE Reserved
2016-09-28 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (7)

URL	Tag	Source
http://www.securityfocus.com/bid/93184	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03	2019-03-07
https://github.com/libgd/libgd/issues/308	2019-03-07
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6	2019-03-07

URL	Date	SRC
http://www.debian.org/security/2016/dsa-3693	2019-03-07
https://bugs.php.net/bug.php?id=73003	2019-03-07
https://security.gentoo.org/glsa/201612-09	2019-03-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libgd Search vendor "Libgd"		Libgd Search vendor "Libgd" for product "Libgd"				<= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 5.6.0 <= 5.6.26 Search vendor "Php" for product "Php" and version " >= 5.6.0 <= 5.6.26"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.0.0 <= 7.0.11 Search vendor "Php" for product "Php" and version " >= 7.0.0 <= 7.0.11"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected