CVE-2016-9933
libgd2 - security update
7.5
HIGH
CVSS 3.1
EPSS 8.3%
Description
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
How to fix CVE-2016-9933
To remediate CVE-2016-9933, upgrade the affected package to a fixed version below.
- —upgrade to 2.2.2-29-g3c2b605-1 or later
- —upgrade to 2.0.36~rc1~dfsg-6.1+deb7u7 or later
- —upgrade to 2.1.0-5+deb8u8 or later
Is CVE-2016-9933 being exploited?
Moderate — EPSS is 8.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2.2.2-29-g3c2b605-1
- from 0, < 2.0.36~rc1~dfsg-6.1+deb7u7
- from 0, < 2.1.0-5+deb8u8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |