CVE-2016-8670
Apple Security Advisory 2017-01-23-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
Error de firma de enteros en la función dynamicGetbuf en gd_io_dp.c en la librería de gráficos GD (también conocido como libgd) hasta la versión 2.2.3 como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en pila) o posiblemente tener otro impacto no especificado a través de una llamada manipulada imagecreatefromstring.
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-15 CVE Reserved
- 2016-11-01 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/15/1 | Mailing List |
|
| http://www.securityfocus.com/bid/93594 | Vdb Entry | |
| https://support.f5.com/csp/article/K21336065?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3693 | 2023-11-07 | |
| http://www.php.net/ChangeLog-5.php | 2023-11-07 | |
| http://www.php.net/ChangeLog-7.php | 2023-11-07 | |
| https://bugs.php.net/bug.php?id=73280 | 2023-11-07 | |
| https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | <= 5.6.27 Search vendor "Php" for product "Php" and version " <= 5.6.27" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.0 Search vendor "Php" for product "Php" and version "7.0.0" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.1 Search vendor "Php" for product "Php" and version "7.0.1" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.2 Search vendor "Php" for product "Php" and version "7.0.2" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.3 Search vendor "Php" for product "Php" and version "7.0.3" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.4 Search vendor "Php" for product "Php" and version "7.0.4" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.5 Search vendor "Php" for product "Php" and version "7.0.5" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.6 Search vendor "Php" for product "Php" and version "7.0.6" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.7 Search vendor "Php" for product "Php" and version "7.0.7" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.8 Search vendor "Php" for product "Php" and version "7.0.8" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.9 Search vendor "Php" for product "Php" and version "7.0.9" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.10 Search vendor "Php" for product "Php" and version "7.0.10" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.11 Search vendor "Php" for product "Php" and version "7.0.11" | - |
Safe
|
| Libgd Search vendor "Libgd" | Libgd Search vendor "Libgd" for product "Libgd" | <= 2.2.3 Search vendor "Libgd" for product "Libgd" and version " <= 2.2.3" | - |
Affected
| in | Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.12 Search vendor "Php" for product "Php" and version "7.0.12" | - |
Safe
|