Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-3213-1 (CVE-2016-9933): GD library vulnerabilities

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Ubuntu: USN-3213-1 (CVE-2016-9933): GD library vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

01/04/2017

Created

07/25/2018

Added

03/01/2017

Modified

05/03/2019

Description

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Solution(s)

ubuntu-upgrade-libgd2-noxpm
ubuntu-upgrade-libgd2-xpm
ubuntu-upgrade-libgd3

References

USN-3213-1
DLA-758-1
DSA-3732
DSA-3751
94865
RHSA-2018:1296
CVE-2016-9933

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-3213-1 (CVE-2016-9933): GD library vulnerabilities

Ubuntu: USN-3213-1 (CVE-2016-9933): GD library vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.