7.5
CVE-2016-6128
- EPSS 6.81%
- Veröffentlicht 07.08.2016 10:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.81% | 0.932 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.ubuntu.com/usn/USN-3030-1
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.debian.org/security/2016/dsa-3619
https://libgd.github.io/release-2.2.3.html
https://security.gentoo.org/glsa/201612-09
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
http://www.openwall.com/lists/oss-security/2016/06/30/1
http://www.securityfocus.com/bid/91509
http://www.securitytracker.com/id/1036276
https://bugs.php.net/72494
https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61
https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96