{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "openSUSE-SU-2016:2117", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"name": "[oss-security] 20160629 Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/1"}, {"name": "91509", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91509"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/72494"}, {"name": "openSUSE-SU-2016:2363", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "RHSA-2016:2750", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"}, {"name": "1036276", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036276"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"}, {"name": "GLSA-201612-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "DSA-3619", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3619"}, {"name": "USN-3030-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3030-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2016-6128", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:2117", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"name": "[oss-security] 20160629 Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/30/1"}, {"name": "91509", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91509"}, {"name": "https://libgd.github.io/release-2.2.3.html", "refsource": "CONFIRM", "url": "https://libgd.github.io/release-2.2.3.html"}, {"name": "https://bugs.php.net/72494", "refsource": "CONFIRM", "url": "https://bugs.php.net/72494"}, {"name": "openSUSE-SU-2016:2363", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "RHSA-2016:2750", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"}, {"name": "1036276", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036276"}, {"name": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"}, {"name": "GLSA-201612-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "DSA-3619", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3619"}, {"name": "USN-3030-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3030-1"}, {"name": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:22:20.543Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2016:2117", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"name": "[oss-security] 20160629 Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/1"}, {"name": "91509", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91509"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/72494"}, {"name": "openSUSE-SU-2016:2363", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "RHSA-2016:2750", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"}, {"name": "1036276", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036276"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"}, {"name": "GLSA-201612-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "DSA-3619", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3619"}, {"name": "USN-3030-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3030-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-6128", "datePublished": "2016-08-07T10:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:22:20.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*", "matchCriteriaId": "CABE614C-FFD3-4B02-B5DF-658185F8D874", "versionEndIncluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "7006DF7F-F0B3-419F-A78C-9424D62520BA", "versionEndIncluding": "5.6.24", "versionStartIncluding": "5.6.0", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "E03A748C-D25C-4E3F-B636-F6E45A9A92CC", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index."}, {"lang": "es", "value": "La funci\u00f3n gdImageCropThreshold en gd_crop.c en la GD Graphics Library (tambi\u00e9n conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un \u00edndice de color invalido."}], "id": "CVE-2016-6128", "lastModified": "2024-11-21T02:55:30.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-07T10:59:22.650", "references": [{"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3619"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/1"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91509"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036276"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3030-1"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugs.php.net/72494"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"}, {"source": "security@debian.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3030-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugs.php.net/72494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201612-09"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-0:2.3-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-0:5.6.25-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-pear-1:1.9.5-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-0:2.3-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-0:5.6.25-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-php56-php-pear-1:1.9.5-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-0:2.3-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-0:5.6.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-pear-1:1.9.5-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-0:2.3-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-0:5.6.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-pear-1:1.9.5-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-0:2.3-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-0:5.6.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2016-11-15T00:00:00Z"}, {"advisory": "RHSA-2016:2750", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-php56-php-pear-1:1.9.5-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2016-11-15T00:00:00Z"}], "bugzilla": {"description": "gd: Invalid color index not properly handled", "id": "1351603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1351603"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.", "It was found that libgd did not properly handle invalid color indexes in GD files. An attacker who could submit a crafted GD file for conversion could cause applications using libgd to crash, leading to denial of service."], "name": "CVE-2016-6128", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}], "public_date": "2016-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6128\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6128"], "statement": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "php 5.6.25, php 7.0.10"}