Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd-dbg" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd-dev" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd-tools" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd-tools-dbgsym" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd2-noxpm-dev" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd2-xpm-dev" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd3" }, { "binary_version": "2.1.0-3ubuntu0.2", "binary_name": "libgd3-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd-dbg" }, { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd-dev" }, { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd-dev-dbgsym" }, { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd-tools" }, { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd-tools-dbgsym" }, { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd3" }, { "binary_version": "2.1.1-4ubuntu0.16.04.2", "binary_name": "libgd3-dbgsym" } ] }