Description
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
References (7)
Core 7
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3693
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-09
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=73003
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/libgd/libgd/issues/308
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93184
Scores
CVSS v3
9.8
EPSS
0.0342
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (3)
debian/debian_linux
8.0
libgd/libgd
< 2.2.3
php/php
5.6.0 - 5.6.26
Published
Sep 28, 2016
Tracked Since
Feb 18, 2026