CVE-2016-5767
moderate-risk
Published 2016-08-07
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.
Do I need to act?
~
4.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (24)
Release Notes
http://php.net/ChangeLog-5.php
Release Notes
http://php.net/ChangeLog-7.php
Release Notes
http://www.openwall.com/lists/oss-security/2016/06/23/4
Release Notes
http://php.net/ChangeLog-5.php
Release Notes
http://php.net/ChangeLog-7.php
and 4 more references
43
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
8/34 · Low
Exposure
5/34 · Minimal