Critical severity9.8NVD Advisory· Published Sep 28, 2016· Updated May 6, 2026

CVE-2016-7568

Description

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03nvdIssue TrackingPatchThird Party Advisory
github.com/libgd/libgd/issues/308nvdIssue TrackingPatchThird Party Advisory
github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6nvdIssue TrackingPatchThird Party Advisory
www.debian.org/security/2016/dsa-3693nvdThird Party Advisory
www.securityfocus.com/bid/93184nvdThird Party AdvisoryVDB Entry
bugs.php.net/bug.phpnvdIssue TrackingVendor Advisory
security.gentoo.org/glsa/201612-09nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000