{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-03T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"}, {"name": "openSUSE-SU-2016:3228", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"}, {"name": "openSUSE-SU-2017:0081", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-7.php"}, {"name": "openSUSE-SU-2017:0006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"}, {"name": "DSA-3751", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3751"}, {"name": "94865", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94865"}, {"name": "RHSA-2018:1296", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=72696"}, {"name": "openSUSE-SU-2017:0061", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"}, {"name": "openSUSE-SU-2016:3239", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/issues/215"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9933", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"}, {"name": "openSUSE-SU-2016:3228", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"}, {"name": "openSUSE-SU-2017:0081", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"}, {"name": "http://www.php.net/ChangeLog-7.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-7.php"}, {"name": "openSUSE-SU-2017:0006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"}, {"name": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1", "refsource": "CONFIRM", "url": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"}, {"name": "DSA-3751", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3751"}, {"name": "94865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94865"}, {"name": "RHSA-2018:1296", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php"}, {"name": "https://bugs.php.net/bug.php?id=72696", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=72696"}, {"name": "openSUSE-SU-2017:0061", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"}, {"name": "openSUSE-SU-2016:3239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"}, {"name": "https://github.com/libgd/libgd/issues/215", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/issues/215"}, {"name": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:07:31.422Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20161212 CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"}, {"name": "openSUSE-SU-2016:3228", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"}, {"name": "openSUSE-SU-2017:0081", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-7.php"}, {"name": "openSUSE-SU-2017:0006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"}, {"name": "DSA-3751", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3751"}, {"name": "94865", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94865"}, {"name": "RHSA-2018:1296", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/ChangeLog-5.php"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=72696"}, {"name": "openSUSE-SU-2017:0061", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"}, {"name": "openSUSE-SU-2016:3239", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/issues/215"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9933", "datePublished": "2017-01-04T20:00:00", "dateReserved": "2016-12-12T00:00:00", "dateUpdated": "2024-08-06T03:07:31.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AB26BF9-D145-4F4C-A71F-F9C886AFB272", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEBFD36E-4559-474C-ADEE-3686F156180C", "versionEndIncluding": "5.6.27", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B90B947-7B54-47F3-9637-2F4AC44079EE", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "35848414-BD5D-4164-84DC-61ABBB1C4152", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B1F8402-8551-4F66-A9A7-81D472AB058E", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A773E8E-48CD-4D35-A0FD-629BD9334486", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC492340-79AF-4676-A161-079A97EC6F0C", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F1C2D8FE-C380-4B43-B634-A3DBA4700A71", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EB58393-0C10-413C-8D95-6BAA8BC19A1B", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "751F51CA-9D88-4971-A6EC-8C0B72E8E22B", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "37B74118-8FC2-44CB-9673-A83DF777B2E6", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4D56A200-1477-40DA-9444-CFC946157C69", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "FD0D1CCC-A857-4C15-899E-08F9255CEE34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value."}, {"lang": "es", "value": "Vulnerabilidad de consumo de pila en la funci\u00f3n gdImageFillToBorder en gd.c en la GD Graphics Library (tambi\u00e9n conocida como libgd) en versiones anteriores a 2.2.2, como se utiliza en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (violaci\u00f3n de segmentaci\u00f3n) a trav\u00e9s de una llamada imagefilltoborder manipulada que desencadena el uso de un valor de color negativo."}], "id": "CVE-2016-9933", "lastModified": "2018-05-04T01:29:01.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-04T20:59:00.480", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3751"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/12/12/2"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.php.net/ChangeLog-5.php"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.php.net/ChangeLog-7.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94865"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:1296"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=72696"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/libgd/libgd/issues/215"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-php70-php-0:7.0.27-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-php70-php-0:7.0.27-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-05-03T00:00:00Z"}, {"advisory": "RHSA-2018:1296", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php70-php-0:7.0.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-05-03T00:00:00Z"}], "bugzilla": {"description": "gd: Stack overflow in gdImageFillToBorder on truecolor images", "id": "1404723", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404723"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.", "An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP application, causing a Denial of Service."], "name": "CVE-2016-9933", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "gd", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}], "public_date": "2016-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9933\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9933"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "gd 2.2.2, php 5.6.28, php 7.0.13, php 7.1.0"}