High severity7.5NVD Advisory· Published Jan 4, 2017· Updated May 6, 2026
CVE-2016-9933
CVE-2016-9933
Description
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40envdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2016/12/12/2nvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- www.php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- bugs.php.net/bug.phpnvdVendor Advisory
- github.com/libgd/libgd/issues/215nvdVendor Advisory
- github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1nvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2016-12/msg00133.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-12/msg00142.htmlnvd
- lists.opensuse.org/opensuse-updates/2017-01/msg00002.htmlnvd
- lists.opensuse.org/opensuse-updates/2017-01/msg00034.htmlnvd
- lists.opensuse.org/opensuse-updates/2017-01/msg00054.htmlnvd
- www.debian.org/security/2017/dsa-3751nvd
- www.securityfocus.com/bid/94865nvd
- access.redhat.com/errata/RHSA-2018:1296nvd
News mentions
0No linked articles in our index yet.