OpenCVE

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Libgd	Libgd
Php	Php

Configuration 1 [-]

cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2016/dsa-3693
http://www.securityfocus.com/bid/93184
https://bugs.php.net/bug.php?id=73003
https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
https://github.com/libgd/libgd/issues/308
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
https://nvd.nist.gov/vuln/detail/CVE-2016-7568
https://security.gentoo.org/glsa/201612-09
https://www.cve.org/CVERecord?id=CVE-2016-7568

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-09-28T20:00:00

Updated: 2024-08-06T02:04:55.604Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7568

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-09-28T20:59:02.680

Modified: 2024-11-21T02:58:13.593

Link: CVE-2016-7568

Redhat

Severity : Moderate

Publid Date: 2016-09-02T00:00:00Z

Links: CVE-2016-7568 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6"}, {"name": "DSA-3693", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3693"}, {"name": "GLSA-201612-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=73003"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/issues/308"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03"}, {"name": "93184", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93184"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7568", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6", "refsource": "CONFIRM", "url": "https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6"}, {"name": "DSA-3693", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3693"}, {"name": "GLSA-201612-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "https://bugs.php.net/bug.php?id=73003", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=73003"}, {"name": "https://github.com/libgd/libgd/issues/308", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/issues/308"}, {"name": "https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03"}, {"name": "93184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93184"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:04:55.604Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6"}, {"name": "DSA-3693", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3693"}, {"name": "GLSA-201612-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=73003"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/issues/308"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03"}, {"name": "93184", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93184"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7568", "datePublished": "2016-09-28T20:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:04:55.604Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E040BCCE-C098-492F-990F-D0196B519B10", "versionEndIncluding": "2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "12280608-2E91-4DA1-885B-138369FBFE42", "versionEndIncluding": "5.6.26", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA49FAED-5BAC-40D4-BCC1-6C734AEDB9DB", "versionEndIncluding": "7.0.11", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n gdImageWebpCtx en gd_webp.c en la GD Graphics Library (tambi\u00e9n conocido como libgd) hasta la versi\u00f3n 2.2.3, tal como se utiliza en PHP hasta la versi\u00f3n 7.0.11, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en memoria din\u00e1mica) o tener otro posible impacto no especificado a trav\u00e9s de llamadas imagewebp e imagedestroy manipuladas."}], "id": "CVE-2016-7568", "lastModified": "2024-11-21T02:58:13.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-28T20:59:02.680", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3693"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93184"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73003"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/issues/308"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=73003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/issues/308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201612-09"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "php: Integer overflow in gdImageWebpCtx", "id": "1380450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380450"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H", "status": "draft"}, "cwe": "CWE-190->CWE-122", "details": ["Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.", "An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code."], "name": "CVE-2016-7568", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php70-php", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux"}], "public_date": "2016-09-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7568\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7568"], "threat_severity": "Moderate"}